Similarly, moves by both Microsoft and Amazon, among others, to set up local data centres in the EU will not on their own protect European data unless that is encrypted by the companies themselves, and the cloud computing providers do *not* have access to the keys. Indeed, if the data is encrypted in this way, local storage is not so important, since the NSA will have an equally hard time decrypting it wherever it is held - as far as we know, that is.
Because of that recent US court judgment ordering Microsoft to hand over emails held in Ireland, many people are now aware of the dangers of cloud computing in the absence of encryption under the control of the customer. But very few seem to have woken up to the problems of backdoors in proprietary software that I mentioned at the start of this post. One important exception is the German government, which according to Sky News is working on an extremely significant law in this area
GnuPG, also known as GPG, allows to encrypt and sign data and
communication, features a versatile key management system as well as
access modules for public key directories. GnuPG itself is a command
line tool with features for easy integration with other applications.
A wealth of frontend applications and libraries making use of GnuPG
are available. Since version 2 GnuPG provides support for S/MIME and
Secure Shell in addition to OpenPGP.
The internet of things (IoT) offers endless possibilities for smart devices and their applications. So it’s no wonder that the IoT is as equally tempting to hackers, as it is to developers, keen to showcase their latest developments.
A lack of security issues doesn’t mean you’re OK – you’re probably just not being targeted yet.
This paper is designed to help anyone who is developing an internet-enabled Linux device for personal or business use. It highlights the main areas to consider and provides a practical checklist for developing applications for Embedded Linux.
LastPass has published an open source command line application to provide terminal-loving devs with alternative access to their passwords and login data.
The outfit says the app improves user security, with a growing list of commands that lets users edit their LastPass data. It also supports functions such as regular automated password changes and the ability to generate and store passwords for servers.
LastPass community manager Amber Gott said it welcomed community pull requests.
It has advanced far beyond the primitive proof of concept demonstrated more than four years ago. Release 2 (beta), which arrived in late September, is a powerful desktop OS.
Qubes succeeds in seamless integrating security by isolation into the user experience. However, comparing Qubes to a typical Linux distro is akin to comparing the Linux OS to Unix.
If you are using a Sony Xperia device running either Android 4.4.2 or 4.4.4 it’s advised (by me) that you install a custom ROM on your device. Several reports have appeared online that the stock firmware on these devices contains Baidu spyware that is discreetly sending data back to servers in China, you do not need to have installed any software on your phone as it’s bundled into the firmware.
Containerization technology has been a game-changer, powering Docker and other transformative software solutions. It's also garnered its share of criticisms about performance, security, and resiliency.
But one of the creators of Parallels, a key containerization technology on Linux, is pushing back against what he feels are pervasive myths about containers -- many of which, he argues, are rooted in misunderstandings of how to use them and what they're for.
This Public Service Announcement is a follow up to SA-CORE-2014-005 - Drupal core - SQL injection. This is not an announcement of a new vulnerability in Drupal.
Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 - Drupal core - SQL injection. You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement.