Cloud Computing Risk Assessment

Submitted by Mike Adams on Thu, 06/10/2010 - 21:34

In November of last year the European Network and Information Security Agency published a risk assessment on cloud computing. It's a pretty long read (125 pages), but I'd definitely recommend reading at least the executive summary on pages 4 - 10.


 You can find the assessment here.

The Apple Dilemma

Submitted by Mike Adams on Wed, 06/09/2010 - 23:23
   Apple's never been a very open company. On the desktop Apple controls both the main computer hardware and the OS - This ensures Apple can guarantee a certain level of performance on the systems they sell. I get that, and actually I think it's pretty smart. Apple has built a reputation around the quality and performance of their systems and it would be silly of them not to protect that. 

Solaris LDAP Insecurities

Submitted by Mike Adams on Tue, 06/08/2010 - 19:25

I've been doing quite a bit of research regarding the native LDAP client bundled with Solaris 9 and 10 and I've found a couple of issues.

1) When using "passwd" to change an SSHA hashed password, the resulting password is stored in unix crypt format.
2) Any user on a Sun LDAP client can get a list of all ldap users in the directory (including their encrypted password)

Issue #2 is pretty bad to begin with, but coupled with issue #1, it's horrible. You might as well not use the shadow file.

Syndicate content