GitHub Is Testing New Security Tools for Open-Source Code

Cloud-based code hosting service GitHub wants to make open-source material more secure. The Microsoft service is expanding safety features with two new offerings in beta. Secret scanning alerts are now free for all public repositories while push-notifications for custom secret patterns are also being made available. Open-source code is now incorporated into a whopping 97 percent of applications, according to Synopsys, which says 90 percent of organizations rely on it to varying degrees. Yet the very access that contributes to its popularity also leaves it vulnerable to malicious actors, as emphasized by the SolarWinds, Log4j and other breaches. Continue reading GitHub Is Testing New Security Tools for Open-Source Code

More Details on Oracle’s Bid to Be TikTok’s Trusted Partner

Although Microsoft and Walmart’s joint bid was considered the leader to become the “trusted partner” of the U.S. operations of ByteDance’s social video app TikTok, cloud and platform services company Oracle has come out on top. The structure of the Oracle deal is still unknown, but one source said it will not be an “outright sale.” The White House and the Committee on Foreign Investment in the United States (CFIUS) still have to approve the proposal. President Trump stated he would ban TikTok if it isn’t sold by September 20. TikTok has about 100 million monthly users in the U.S. Continue reading More Details on Oracle’s Bid to Be TikTok’s Trusted Partner

Qualcomm Alleges Apple Shared Trade Secrets to Help Intel

In California Supreme Court in San Diego this week, Qualcomm charged Apple with stealing computer source code, software development tools and log files of data about its products’ performance and giving it to Intel, with the goal of reducing its need for Qualcomm chips. The two tech behemoths have been involved in a legal battle since last year, when Qualcomm accused Apple of a “multiyear campaign of sloppy, inappropriate and deceitful conduct to steal Qualcomm’s information and trade secrets” to help Intel. Continue reading Qualcomm Alleges Apple Shared Trade Secrets to Help Intel

Yahoo Warns Users: Hackers Forged Cookies to Access Data

Yahoo has issued another warning that users’ personal data may have been compromised. In addition to the malicious activity reported in December that involved more than 1 billion user accounts in 2013-2014, following the September report regarding a separate theft of 500 million records, the Internet company is now notifying users that additional accounts were compromised between 2015 and 2016. “The stolen data included email addresses, birth dates and answers to security questions,” reports CNBC. The hacks involved “the use of ‘forged cookies’ — strings of data which are used across the Web and can sometimes allow people to access online accounts without re-entering their passwords.” Continue reading Yahoo Warns Users: Hackers Forged Cookies to Access Data

Newly Published Google Overview Spells Out Security Details

In a recently published Infrastructure Security Design Overview, Google explains its six layers of security for the cloud it uses for its own operations and its public cloud services. The company also revealed that it designs custom chips, “including a hardware security chip that is currently being deployed on both servers and peripherals,” that allow it to “securely identify and authenticate legitimate Google devices at the hardware level.” The chip works with cryptographic signatures validated during each boot or update. Continue reading Newly Published Google Overview Spells Out Security Details

Yahoo: Second Data Breach Involves 1 Billion User Accounts

In September, Yahoo revealed a 2014 security breach that involved 500,000 of its users’ accounts. Now the company has announced an even larger data breach from 2013 involving more than one billion accounts, including those of more than 150,000 government and military employees. “The two attacks are the largest known security breaches of one company’s computer network,” reports The New York Times. “The newly disclosed 2013 attack involved sensitive user information, including names, telephone numbers, dates of birth, encrypted passwords and unencrypted security questions that could be used to reset a password.” Continue reading Yahoo: Second Data Breach Involves 1 Billion User Accounts

TPP Trade Agreement Sparks Response from Tech Community

With the publication of the Trans Pacific-Partnership (TPP) international trade treaty, numerous technology and privacy rights groups are speaking up over a range of issues. Non-profit consumer rights organization Public Citizen decries what it says is “serious implications for online privacy.” Others note that the TPP would prevent member countries from requiring that companies from other member states hand over the source code of their products. And some activists believe TPP could help further net neutrality. Continue reading TPP Trade Agreement Sparks Response from Tech Community

Autodesk Stingray, Ideal Program for Mid-Small Sized Studios

Autodesk has launched Stingray, a game engine with design tools targeting for smaller studies that are looking for customization without the need for excessive programming. The engine is equipped with node-based scripting tools, however it also offers Stingray’s C++ source code for companies looking for more customization. Stingray provides quicker feedback, and will be bundled with Maya LT to provide artists with a modeling and animation app. It will arrive for Windows beginning mid-August for $30 a month. Continue reading Autodesk Stingray, Ideal Program for Mid-Small Sized Studios

New Chinese Security Law Raises Concerns by Tech Industry

New language in China’s recently enacted national security law is generating major concern across the global technology industry. The rules call for a “national security review” of networking, tech products and services, and foreign investment. In addition, the rules call for crucial tech sectors to be made “secure and controllable,” which industry groups fear may suggest that back doors for allowing third-party access to systems would be necessary, perhaps even leading to the sharing of encryption keys or source code. Continue reading New Chinese Security Law Raises Concerns by Tech Industry