InfoQ Homepage Security Content on InfoQ
-
MINIX 3 Promises to Be More Secure Than Windows or Linux
Andrew S. Tanenbaum, a computer science professor at the Vrije Universiteit in Amsterdam, is leading the project developing MINIX 3, an operating system meant to be more secure than Windows or Linux.
-
The Cloud Security Alliance Wants Safer Clouds
The Cloud Security Alliance (CSA) is a non profit organization meant to be an open forum promoting the exchange of information and knowledge related to security and cloud computing with the aim to create a set of best security practices for cloud vendors and consumers.
-
The State of the Internet
Akamai has released their quarterly report on the state of the Internet for Q4/2008. Akamai monitors the Internet traffic using agents installed across all continents and reports the findings on several domains: security, network and web outages, Internet penetration.
-
Critical Security Vulnerability Found in Quicksort
In what is sure to become one of the most wide-reaching security vulnerabilities yet known, a researcher with L0pht Heavy Industries has uncovered a flaw in the standard implementation of the Quicksort algorithm. InfoQ spoke with Dildog of L0pht to learn more about this vulnerability and it's ramifications.
-
MIX 09: Justin Smith on Azure Access Control Services
Justin Smith and John Shewchuck delivered an introduction to Windows Azure ACS. ACS is basically a hosted Secure Token Service that operates in a "claims in-claims out" mode. John demoed the ACS in a Web application writen in Phyton and JQuery running on Google Apps Engine. ACS supports any identity mechanism (Google, Yahoo, Facebook...) and can be invoked from any technology stack.
-
An MD5 Implementation for Silverlight
An implementation of the MD5 cryptographic hashing algorithm for Silverlight has been posted on MSDN by Reid Borsuk. Delay, another MSDN user, has recently posted ComputeFileHashes, a small .NET command-line application that also works on WPF and Silverlight and is helpful to compute MD5, SHA-1, and CRC-32 hashes.
-
Microsoft Released a Threat Modeling Tool
Microsoft has released SDL Threat Modeling Tool 3, a tool used to model, analyze, track and mitigate security vulnerabilities early in the application’s design process.
-
The AWS Management Console Raises Security Concerns
There has been an ongoing debate over how secure cloud computing is. Some argue that clouds are more secure than many private networks, while others consider that cloud computing may open more security holes. Some consider that Amazon’s - Web based – AWS Management Console is creating more opportunities to hackers.
-
MD5 Exploit Potentially Compromises SSL Security
SSL-based security using X509 certificates from certain CA's opens a vulnerability to sites masquerading under a forged X509 certificate, even in a "secure" connection. This was demonstrated recently at the Chaos Conference in Berlin by spoofing a real certificate.
-
Microsoft Will Replace Live OneCare with “Morro”
Microsoft has recently announced their plan to stop selling the Live OneCare security suite by June 30 2009 and the intention to replace it with a free security kit called Morro.
-
Geneva Manages Your Identity
Microsoft has released Geneva Beta 1, previously known as Zermatt, an identity management solution which takes the burden of authenticating and authorizing users away from applications. Geneva supports the OASIS WS-Trust specification.
-
A VPN for Cloud Computing
Security is the gating factor for preventing Enterprise Cloud adoption, argues CohesiveFT's CTO, Patrick Kerpan. His company just released the first VPN for the Cloud to enable Enterprise customers to secure three kinds of topologies: Cloud, Cloud-to-Cloud and Enterprise-to-Cloud.
-
RubyEncoder: Obfuscation and Code Protection for Ruby
RubyEncoder compiles and encrypts your Ruby files to protect them from unwanted eyes. It can also be used to restrict an application to a domain or a certain time period, to create trial versions. InfoQ talked to RubyEncoder's lead developer Alexander Belonosov.
-
WCF and Information Disclosure Threats
Anil John writes about Information Disclosure Threats and Web Services. In his article he delves into the details of how potential attackers use to prepare their attacks and how some common web service practices ‘support’ these threats.
-
New Windows Essential Business Server Targeted to Midsize Businesses
Microsoft has created a new server, called Windows Essential Business Server 2008 (EBS), which combines management, messaging and security features into one integrated multi-server solution. The new server is targeted to midsize businesses with reduced IT staff personnel of 1 to 3 persons.