lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAH8yC8mHn55t4Ois=KXEHY6aSGQBEGctZipCiaffQACXrwYUeg@mail.gmail.com>
Date: Sat, 9 Nov 2013 09:47:13 -0500
From: Jeffrey Walton <noloader@...il.com>
To: David Miller <dmiller@...heus.org>
Cc: Full Disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Cloud Questions

On Fri, Nov 8, 2013 at 9:08 AM, David Miller <dmiller@...heus.org> wrote:
> ...
> I don’t think I’ve seen a single post about cloud security.
>
> Is ‘the cloud’, AWS in particular, believed to be secure?  Is it simply not targeted?
>
Stallman has a term for it: Careless Computing.
http://techcrunch.com/2010/12/14/stallman-cloud-computing-careless-computing/.

> Or would it be covered by some other list?  Inquiring minds are, uh, inquiring.
The only list I've seen so far is OpenStack's security list.
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security.

From what I've seen, cloud security seems to have three broad tracks
(in addition to all the secure coding and HTML app stuff). First is
low-level security that acts on block devices, like Amazon's CloudHSM
and other who focus on VM security. Second is high level security that
attempts to secure databases (table fields) and object stores (Amazon
S3 and OpenStack Swift), like CipherClod and Armor-Cloud. And third is
identity management, like the federated and single sign-on
integrations.

Jeff

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ