
Security Content on InfoQ

  • An MD5 Implementation for Silverlight

    An implementation of the MD5 cryptographic hashing algorithm for Silverlight has been posted on MSDN by Reid Borsuk. Delay, another MSDN user, has recently posted ComputeFileHashes, a small .NET command-line application that also works on WPF and Silverlight and computes MD5, SHA-1, and CRC-32 hashes.

  • Microsoft Released a Threat Modeling Tool

    Microsoft has released SDL Threat Modeling Tool 3, a tool used to model, analyze, track and mitigate security vulnerabilities early in the application’s design process.

  • The AWS Management Console Raises Security Concerns

    There has been an ongoing debate over how secure cloud computing is. Some argue that clouds are more secure than many private networks, while others consider that cloud computing may open more security holes. Some consider that Amazon’s web-based AWS Management Console is creating more opportunities for hackers.

  • MD5 Exploit Potentially Compromises SSL Security

    SSL-based security using X509 certificates from certain CAs is vulnerable to sites masquerading under a forged X509 certificate, even over a "secure" connection. This was demonstrated recently at the Chaos Conference in Berlin by spoofing a real certificate.

  • Microsoft Will Replace Live OneCare with “Morro”

    Microsoft has recently announced its plan to stop selling the Live OneCare security suite by June 30, 2009, and its intention to replace it with a free security kit called Morro.

  • Geneva Manages Your Identity

    Microsoft has released Geneva Beta 1, previously known as Zermatt, an identity management solution which takes the burden of authenticating and authorizing users away from applications. Geneva supports the OASIS WS-Trust specification.

  • A VPN for Cloud Computing

    Security is the gating factor for preventing Enterprise Cloud adoption, argues CohesiveFT's CTO, Patrick Kerpan. His company just released the first VPN for the Cloud to enable Enterprise customers to secure three kinds of topologies: Cloud, Cloud-to-Cloud and Enterprise-to-Cloud.

  • RubyEncoder: Obfuscation and Code Protection for Ruby

    RubyEncoder compiles and encrypts your Ruby files to protect them from unwanted eyes. It can also be used to restrict an application to a domain or a certain time period, to create trial versions. InfoQ talked to RubyEncoder's lead developer Alexander Belonosov.

  • WCF and Information Disclosure Threats

    Anil John writes about Information Disclosure Threats and Web Services. In his article he delves into the details of how potential attackers prepare their attacks and how some common web service practices ‘support’ these threats.

  • New Windows Essential Business Server Targeted to Midsize Businesses

    Microsoft has created a new server, called Windows Essential Business Server 2008 (EBS), which combines management, messaging and security features into one integrated multi-server solution. The new server is targeted at midsize businesses with a small IT staff of 1 to 3 people.

  • Critical REXML DoS Found - Monkey Patch Available as Fix

    REXML was found to be vulnerable to XML entity explosion attacks. As frameworks like Rails parse incoming XML with REXML, these apps are in danger on all current 1.8.6, 1.8.7 and Ruby 1.9 versions, and other Ruby versions using standard REXML. The fix at the moment is a monkey patch for the REXML library.

  • .NET 3.5 SP1 Runs Managed Applications From Network Shares

    Microsoft has released .NET Framework 3.5 SP1, which includes a security change from previous versions that allows managed applications to run from network shares.

  • Security Vulnerabilities in Safe Level, WEBrick, Dl, DNS lookup

    A few security vulnerabilities were discovered in Ruby 1.8.5 to 1.8.7 and 1.9.x. There are vulnerabilities in safe levels; WEBrick has a DoS vulnerability in a particular regular expression; the shared library API dl doesn't check taintedness; and resolv.rb has a problem with DNS spoofing.

  • Improving Web Service Security: Guidance for WCF

    Microsoft's patterns and practices group has released a WCF Security Guide. The 689-page compendium offers a general introduction to Web Service security fundamentals as well as in-depth knowledge about several security threats and appropriate counter-measures.

  • Presentation: Secure Programming with Static Analysis

    Creating secure code requires more than just good intentions. Programmers need to know how to make their code safe in an almost infinite number of scenarios and configurations. Static source code analysis can uncover the kinds of errors that lead directly to vulnerabilities and in this talk, Brian Chess frames the software security problem and shows how static analysis is part of the solution.
