Security Content on InfoQ
-
MD5 Exploit Potentially Compromises SSL Security
SSL-based security that relies on X.509 certificates from certain CAs is vulnerable to sites masquerading under a forged X.509 certificate, even over a "secure" connection. This was demonstrated recently at the Chaos Conference in Berlin by spoofing a real certificate.
-
Microsoft Will Replace Live OneCare with “Morro”
Microsoft has recently announced its plan to stop selling the Live OneCare security suite by June 30, 2009, and its intention to replace it with a free security kit called Morro.
-
Geneva Manages Your Identity
Microsoft has released Geneva Beta 1, previously known as Zermatt, an identity management solution which takes the burden of authenticating and authorizing users away from applications. Geneva supports the OASIS WS-Trust specification.
-
A VPN for Cloud Computing
Security is the gating factor preventing Enterprise Cloud adoption, argues CohesiveFT's CTO, Patrick Kerpan. His company just released the first VPN for the Cloud to enable Enterprise customers to secure three kinds of topologies: Cloud, Cloud-to-Cloud and Enterprise-to-Cloud.
-
RubyEncoder: Obfuscation and Code Protection for Ruby
RubyEncoder compiles and encrypts your Ruby files to protect them from unwanted eyes. It can also be used to restrict an application to a domain or a certain time period, to create trial versions. InfoQ talked to RubyEncoder's lead developer Alexander Belonosov.
-
WCF and Information Disclosure Threats
Anil John writes about Information Disclosure Threats and Web Services. In his article he delves into the details of how potential attackers prepare their attacks and how some common web service practices ‘support’ these threats.
-
New Windows Essential Business Server Targeted to Midsize Businesses
Microsoft has created a new server, called Windows Essential Business Server 2008 (EBS), which combines management, messaging and security features into one integrated multi-server solution. The new server is targeted at midsize businesses with a small IT staff of 1 to 3 people.
-
Critical REXML DoS Found - Monkey Patch Available as Fix
REXML was found to be vulnerable to XML entity explosion attacks. Because frameworks like Rails parse incoming XML with REXML, these apps are at risk on all current Ruby 1.8.6, 1.8.7 and 1.9 versions, and on other Ruby versions using the standard REXML. The fix at the moment is a monkey patch for the REXML library.
-
.NET 3.5 SP1 Runs Managed Applications From Network Shares
Microsoft has released .NET Framework 3.5 SP1, which includes a security change from previous versions that allows managed applications to run from network shares.
-
Security Vulnerabilities in Safe Level, WEBrick, Dl, DNS lookup
A few security vulnerabilities were discovered in Ruby 1.8.5 to 1.8.7 and 1.9.x. Vulnerabilities were found in safe levels; WEBrick has a DoS vulnerability in a particular regular expression; the shared library API dl doesn't check taintedness; and resolv.rb has a problem with DNS spoofing.
-
Improving Web Service Security: Guidance for WCF
Microsoft's patterns and practices group has released a WCF Security Guide. The 689-page compendium offers a general introduction to Web Service security fundamentals as well as in-depth knowledge about several security threats and appropriate countermeasures.
-
Presentation: Secure Programming with Static Analysis
Creating secure code requires more than just good intentions. Programmers need to know how to make their code safe in an almost infinite number of scenarios and configurations. Static source code analysis can uncover the kinds of errors that lead directly to vulnerabilities and in this talk, Brian Chess frames the software security problem and shows how static analysis is part of the solution.
-
Presentation: Operational Scalability in the Next Generation Web World
In this presentation filmed during JAOO 2007, Wayne Fenton, Director of Architecture at eBay Inc., talks about the ways in which software architects can design systems for much-improved efficiency and reliability from an operational perspective.
-
Microsoft announces release of “Zermatt” Identity Framework
Microsoft released a beta of “Zermatt”, an identity framework for developers using the .NET Framework. The framework helps developers build claims-aware applications to address application security requirements using a simplified application access model.
-
Security Advisory Issued for Spring MVC
A security advisory was issued today regarding two potential Spring MVC issues which may affect applications that have been implemented using Spring MVC, both of which deal with the server-side processing of client-side parameters. InfoQ analyzed this issue in detail and spoke with Ounce Labs, which identified these issues.