| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAH8yC8mHn55t4Ois=KXEHY6aSGQBEGctZipCiaffQACXrwYUeg@mail.gmail.com> Date: Sat, 9 Nov 2013 09:47:13 -0500 From: Jeffrey Walton <noloader@...il.com> To: David Miller <dmiller@...heus.org> Cc: Full Disclosure <full-disclosure@...ts.grok.org.uk> Subject: Re: Cloud Questions On Fri, Nov 8, 2013 at 9:08 AM, David Miller <dmiller@...heus.org> wrote: > ... > I don’t think I’ve seen a single post about cloud security. > > Is ‘the cloud’, AWS in particular, believed to be secure? Is it simply not targeted? > Stallman has a term for it: Careless Computing. http://techcrunch.com/2010/12/14/stallman-cloud-computing-careless-computing/. > Or would it be covered by some other list? Inquiring minds are, uh, inquiring. The only list I've seen so far is OpenStack's security list. http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security. From what I've seen, cloud security seems to have three broad tracks (in addition to all the secure coding and HTML app stuff). First is low-level security that acts on block devices, like Amazon's CloudHSM and other who focus on VM security. Second is high level security that attempts to secure databases (table fields) and object stores (Amazon S3 and OpenStack Swift), like CipherClod and Armor-Cloud. And third is identity management, like the federated and single sign-on integrations. Jeff _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists