
Information Security Content on InfoQ

  • Database Access Misconfiguration Exposes 250M Customer Records at Microsoft

    Security firm Comparitech reported a major data breach at Microsoft that exposed 250 million customer records over a period of a couple of days. Microsoft said the leaked data, which did not include personally identifiable information, was not used maliciously.

  • ESP32 IoT Devices Vulnerable to Forever-Hack

    A popular WiFi chip, ESP32, contains a security flaw that enables hackers to implant malware that can never be removed. The attack works by implanting code into eFuses, a chip feature that can only be configured once.

  • Microsoft Releases Azure Sentinel, a Cloud Native SIEM, to General Availability

    In a recent blog post, Microsoft announced the general availability of Sentinel, a Security Information and Event Management (SIEM) service in Azure, providing customers with intelligent security analytics across their enterprise. With the GA of Azure Sentinel, Microsoft now enters the SIEM market.

  • Security Architecture Anti-Patterns by UK Government National Cyber Security Centre

    The National Cyber Security Centre of the UK Government recently published a white paper on the six design anti-patterns that we should avoid when designing computer systems.

  • Robot Social Engineering: Brittany Postnikoff at QCon New York

    At QCon New York, Brittany Postnikoff presented “Robot Social Engineering: Social Engineering Using Physical Robots”. Quoting findings from academic research literature, she demonstrated that humans can often be manipulated via robots. A core message of the talk was the need for security and privacy to be part of any robot's fundamental design.

  • Making Security More Intelligent, Microsoft Releases Azure Sentinel

    In a recent blog post, Microsoft announced further investments in its intelligent security offerings in the form of a Security Information and Event Management (SIEM) product called Azure Sentinel. SIEMs are used by security professionals as a data store that is capable of aggregating security events from logs across a variety of systems, including servers, firewalls, routers and switches.

  • Implementing Privacy by Design in Hyperledger Indy

    Centralized identity providers, such as social media sites and consumer email services, provide convenience to users. But this approach creates data privacy and security risks. Hyperledger Indy, an open source blockchain project, is being built to address the current issues that exist in centralized identity providers by taking a 'Privacy by Design' approach to deal with these risks.

  • DevSecOps Grows Up and Finds Itself a Community

    On June 28th, the first DevSecOps Days event came to London following a similar event in San Francisco in April. It kicked off with a welcome address from event founders, Mark Miller and John Willis, who explained that the intention is to replicate the DevOpsDays model and empower communities worldwide to stand up their own events.

  • Microsoft Launches Azure Information Protection for Documents

    Microsoft launched Azure Information Protection (AIP) in early June 2016. The service aims to enable easy classification of documents both for security and taxonomy.

  • Apple Defends Encryption with TV Interview, Files Counter Lawsuit

    Apple has responded to questions raised about its stance with the FBI and CEO Tim Cook has appeared on live TV to defend Apple's stance. They have now filed a lawsuit to have the FBI's case dismissed. InfoQ updates you with the latest on the subject.

  • Password Manager LastPass Suffers Hacking Attack

    The web-based LastPass password management service has been hacked, according to the company, and as a result some user data, including email addresses and authentication hashes, was obtained by unknown assailants. The breach highlights the risks users take by storing all of their passwords in a centralized location.

  • Splunk .conf2014 Keynote 1

    At the opening keynote for Splunk .conf2014 we heard about GE Capital’s developer culture, Red Hat’s internal IT focus, and Coca-Cola’s “Data Lake” theory of information management.

  • Continuous Security Testing With Gauntlt

    James Wickett, from the Gauntlt core team, gave a tutorial at Velocity Conf London about integrating security testing into the continuous integration cycle to get early feedback on an application's security level. James stressed the importance of regularly checking for security as release delivery rates increase with continuous delivery.

  • HTC America Drops Ball on Mobile Security

    Manufacturer HTC America affirmatively acknowledged Federal Trade Commission (FTC) charges that millions of its customers’ Android-based mobile devices were using software with potentially serious security vulnerabilities. The leading mobile device maker was ordered to make a patch available before the end of March 2013 to all concerned parties.

  • Dynamic Access Control in Windows Server 2012

    Dynamic Access Control is a set of features for Windows Server 2012 to manage authentication and authorization beyond Active Directory Groups. There are several components involved in this, the most notable being the ability to evaluate expression-based ACLs against user and device claims.
