Mike Adams's blog

Cloud Computing Risk Assessment

In November of last year the European Network and Information Security Agency published a risk assessment on cloud computing. It's a pretty long read (125 pages), but I'd definitely recommend reading at least the executive summary on pages 4-10.

You can find the assessment here.

The Apple Dilemma

Apple's never been a very open company. On the desktop, Apple controls both the main computer hardware and the OS. This ensures Apple can guarantee a certain level of performance on the systems they sell. I get that, and actually I think it's pretty smart. Apple has built a reputation around the quality and performance of their systems and it would be silly of them not to protect that.

Solaris LDAP Insecurities

I've been doing quite a bit of research regarding the native LDAP client bundled with Solaris 9 and 10 and I've found a couple of issues.

1) When using "passwd" to change an SSHA-hashed password, the resulting password is stored in Unix crypt format.
2) Any user on a Sun LDAP client can get a list of all LDAP users in the directory (including their encrypted password).

Issue #2 is pretty bad to begin with, but coupled with issue #1, it's horrible. You might as well not use the shadow file.
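One way to check a directory for issue #1, as an added example that is not from the original post: it scans an LDIF export for `userPassword` values whose RFC 2307-style scheme prefix is anything other than `{SSHA}`. The sample entries, the example.com DNs and the choice of SSHA as the only accepted scheme are assumptions.

```python
import base64
import re

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}")
ACCEPTED = {"SSHA"}  # assumption: SSHA is the scheme the directory should use


def parse_passwords(ldif_text):
    """Yield (dn, userPassword) for each LDIF entry that carries a password."""
    # Undo LDIF line folding (continuation lines start with one space).
    unfolded = ldif_text.replace("\r\n", "\n").replace("\n ", "")
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        dn, password = None, None
        for line in block.split("\n"):
            attr, sep, value = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            else:
                value = value.strip()
            if attr.lower() == "dn":
                dn = value
            elif attr.lower() == "userpassword":
                password = value
        if dn is not None and password is not None:
            yield dn, password


def audit(ldif_text):
    """Return {dn: scheme} for entries whose hash scheme is not in ACCEPTED."""
    findings = {}
    for dn, password in parse_passwords(ldif_text):
        match = SCHEME_RE.match(password)
        scheme = match.group(1).upper() if match else "CLEARTEXT-OR-UNKNOWN"
        if scheme not in ACCEPTED:
            findings[dn] = scheme
    return findings


# Constructed sample export (not from the original post): a folded SSHA
# value, a base64-encoded {crypt} value, and an entry with no password.
_CRYPT_B64 = base64.b64encode(b"{crypt}abConstructed").decode()
SAMPLE_LDIF = (
    "dn: uid=alice,ou=people,dc=example,dc=com\nuserPassword: {SSHA}Q29uc3RydWN0\n ZWRTYW1wbGU=\n\n"
    "dn: uid=bob,ou=people,dc=example,dc=com\nuserPassword:: " + _CRYPT_B64 + "\n\n"
    "dn: uid=carol,ou=people,dc=example,dc=com\nuid: carol\n"
)
```

Running `audit()` on an export taken before and after a `passwd` change shows whether an account moved from `{SSHA}` to `{crypt}`.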
