enstratius.typepad.com
The Enstratius Blog: Cloud Management and Identity
http://enstratius.typepad.com/blog/2012/04/cloud-mgmt-identity.html?cid=6a0120a709cbd0970b0163049c6414970d
Information on Dell Cloud Manager tools and general perspectives on cloud computing. Cloud Management and Identity. I would like to focus on one of the big challenges in cloud information security: identity and access management. Or in other words, authentication and authorization. How do you cleanly control who has access to what within your enterprise? Providers anyone who has access to terminate instances can terminate any instance in that account! Different cloud accounts. This quickly becomes a n...
exploringpossibilityspace.blogspot.com
Exploring Possibility Space: Risk Management: Out with the Old, In with the New!
http://exploringpossibilityspace.blogspot.com/2013/08/risk-management-out-with-old-in-with-new.html
Musings on risk, innovation, data science and my PhD dissertation. Monday, August 26, 2013. Risk Management: Out with the Old, In with the New! In this post I'm going to attempt to explain why I think many existing methods of assessing and managing risk in information security (a.k.a. "the Old") are going the wrong direction and describe what I think is a better direction (a.k.a. "the New"). While the House of Cards metaphor is crude, it gets across the idea of interdependence. Here's my main message:
blog.zoller.lu
Musings on Information Security - Luxembourg / A blog by Thierry Zoller.: August 2012
http://blog.zoller.lu/2012_08_01_archive.html
Where facts are few, experts are many. TZO Daily Security News. Mistakes made in Incident Response. [Updated: Added 10 Common Mistakes of Incident Responders at the bottom]. The following post will break one major rule I adhere to when blogging, a post shall have not more than 10% of content that is not authored by myself. The content of this post resonated so well with me however that I decided to make an exception. The following is attributed to Ali-Reza Anghaie a.k.a Packetknife.com. 1999 - Bruce S...
blog.zoller.lu
Musings on Information Security - Luxembourg / A blog by Thierry Zoller.: March 2013
http://blog.zoller.lu/2013_03_01_archive.html
Where facts are few, experts are many. TZO Daily Security News. Interesting Reads - Week 12 / 2013. Interesting Reads - Week 12 / 2013. Binary Instrumentation for Exploit Analysis Purposes (part 1). Binary Instrumentation for Exploit Analysis Purposes (part 2). Using the PIN instrumentalisation framework to analyse exploits. Weaknesses in Java Pseudo Random Number Generators (PRNGs). FBI Secretly Spying on Cloud Computer Users. FISMA/PATRIOTACT - "National Security Letters". Links to this post. Feature&#...
blog.zoller.lu
Musings on Information Security - Luxembourg / A blog by Thierry Zoller.: SSL Audit v.08 released
http://blog.zoller.lu/2013/03/tool-ssl-audit-v08-release.html
Where facts are few, experts are many. TZO Daily Security News. SSL Audit v.08 released. I have updated my little TLS/SSL Scanner called "SSL Audit" to version 0.8. I tweaked it slightly but the tool is still based on its own rudimentary SSL Engine and hence is not limited by the number of ciphersuites and protocols available to OpenSSL or NSS. By the way I am still a little bit proud of the SSL Stack fingerprinting. Added support for TLS 1.2 CAMELLIA ciphersuites; Speed up SSLv2 enumeration; The BEAST...
securitycircus.blogspot.com
Security Circus: The stealth cloud
http://securitycircus.blogspot.com/2010/11/stealth-cloud.html
Information Risk and Security news and opinion. IT world have an interesting article on what they're calling the 'stealth cloud'. It's not an exactly new concept - mostly bigger companies have had to deal with the 'shadow IT'. How to spot a Shadow IT user. Many of these services are pitched at consumers, who use them and enjoy the benefits of the likes of cloud file storage or a personal online knowledge base and these same consumers come to the office and want the same services at work. It's been said b...
securitycircus.blogspot.com
Security Circus: July 2010
http://securitycircus.blogspot.com/2010_07_01_archive.html
Information Risk and Security news and opinion. Microsoft have recently released an advisory "Microsoft Security Advisory (2286198) Vulnerability in Windows Shell Could Allow Remote Code Execution" for a new 0-day that is currently being exploited. While it can be exploited via network or webdav shares, it is removable drives that are the most likely vector for exploitation. A big part of that is our old friend, autorun, that has been the cause of problems before. I'm glad Nick wrote about it, though.
enstratius.typepad.com
The Enstratius Blog: Cloud Security
http://enstratius.typepad.com/blog/cloud-security
Information on Dell Cloud Manager tools and general perspectives on cloud computing. DevOps Myths Unmasked #1: Separation of Duties. Guest blogger: David Mortman, Chief Security Architect, Dell Cloud Manager. Apr 23, 2014 9:17:16 AM. Four security considerations when moving to the cloud. native accounts on the cloud provider so that they can’t make changes outside of your control systems. This becomes even more important when tied directly with the next concern. Both authentication and authorization...
enstratius.typepad.com
The Enstratius Blog: Cloud Management and Identity
http://enstratius.typepad.com/blog/2012/04/cloud-mgmt-identity.html
Information on Dell Cloud Manager tools and general perspectives on cloud computing. Cloud Management and Identity. I would like to focus on one of the big challenges in cloud information security: identity and access management. Or in other words, authentication and authorization. How do you cleanly control who has access to what within your enterprise? Providers anyone who has access to terminate instances can terminate any instance in that account! Different cloud accounts. This quickly becomes a n...