Re: Security and Cloud Computing

Thank you for sharing. I don't nomally click linkies. Very nice.

Re: Security and Cloud Computing

This talk by Craig Balding was quite good. The A/V should be up in a few weeks. but the slides are here:

https://www.blackhat.com/presentatio...ity-slides.pdf

Re: Security and Cloud Computing

Damn.

S

Re: Security and Cloud Computing

Quit trying to flirt with me. :-)

Regards,

valkyrie
-----------------------------------------------------------------
sapere aude

Re: Security and Cloud Computing

You broadly misinterpret. I am hardly a smartass. There is a prerequisite of being smart. Comments I make are sincere. You'll see. Look me up at 17. You'll be shocked!

S

Re: Security and Cloud Computing

I snack on smart asses. :-)

regards,

valkyrie
_________________________________
sapere aude

Re: Security and Cloud Computing

Damn, it's barely a paragraph. It's one sentence. I'm an author? Glad I have editors.

Reflecting now. Breaking out the absinthe. (Really!)

S

Re: Security and Cloud Computing

Please look very carefully at the last paragraph you wrote. Reflect on it. Really reflect on it. You are coming to your own conclusions.

Regards,

valkyrie
____________________________________
sapere aude

Re: Security and Cloud Computing

That is very true.

My experience has been this - Microsoft and Amazon, especially, and the smaller cloud providers, are pushing to host the big applications on the cloud; those applications that Nationwide and Chase are hosting in their own datacenters are a key focus. Chase wouldn't put their credit card management portal on the cloud, but that is exactly what Microsoft is suggesting is a good idea. The veiled premise is that it is MORE secure because it is the cloud, when really it is less. You don't know where the machines physically are, even. At least when I host with CeraNet, I can go TOUCH the machines.

I don't know - maybe I am reaching. It seems like there are more problems with virtualization and shard computing than usual application service providers, and yet the focus is to move bigger more important systems there, while the providers are providing less information about the security than even small providers provide about their systems.

S

Re: Security and Cloud Computing

No worries. I am not that difficult to find. I suggest you run down Bascule as well, though he may now decide to hide. :-) Others to talk with will be those who have shown up in this forum. I would think that particularly picking Xor's and the Streaker's brains would avail you of some delicious nuggets of knowledge with which to pepper your paper or talk or whatever it is you have in mind.

You still have to sign a non-disclosure agreement. :-D

Regards,

valkyrie
______________________________________________
sapere aude

Re: Security and Cloud Computing

Those are big concerns of any system, not just cloud computing.

Re: Security and Cloud Computing

Understood!

Valkyrie, I apologize, I perhaps am not taking this as seriously as I should.

Admittedly, I was thinking more about the conceptual twists that make Cloud computing inherently insecure (like structural divisions, elevation of authority problems, and eighteen year old kids with root privilege), not specific 0-day exploits. If you look at what I write, I am not that kind of author (though perhaps I should be.)

I'll be at 17, and we'll all chat, perhaps.

S

Re: Security and Cloud Computing

Hydruh, first I'm no expert on cloud computing. Any time I hear that word I just think you want me to put my data/domain/control and my customers data/domain/control where....? It just seems like an internet thin client to me, only sexier because it's in the Cloud. While this may work for earth people end users it surely is very questionable when it comes to business practices.

That said... I believe Valkyrie is trying to offer you the demonstrative, and empirical data you are looking for. This being a "new twist" in technology I'm sure she want's to meet the person she is going to hand over clearly confidential information to rather that just irresponsibly disclosing here in a public forum. A public forum which is visited by all people, the good guys and the bad.

Otherwise I suggest getting a grant, building a cloud infrastructural, and try and break it or use it to try and break stuff. If working with computers have taught me any virtues at all, patience is no doubt at the top of the list. Though I still need a lot of work on proof reading .

xor

Re: Security and Cloud Computing

Fair enough question.

I was asked to speak at a local joint IEEE/ACM symposium. Here is the link:

http://www.ieeecolumbus.org/node/87

I decided to write a semi-formal paper and present it, and then look for a publisher. I am sure David would post the paper if I asked him to. However, I wanted to try and get it published instead.

In the meantime, one of the publishers I approached suggested a paper on security, in the cloud, because it is a hot topic. I can and will do my own research, but I thought it would make a good topic here, as I am sure we will hear about it at DefCon this year too.

If I was wrong, I am sorry. I will of course credit anyone who points me in an interesting direction.

S

Re: Security and Cloud Computing

I'm confused...if you presented it at an ACM conference, shouldn't there be a link to it online? I know all the work my friends have presented usually is searchable on the ACM portal, as long as the conference is an ACM conference. If the paper is accepted for presentation, that usually implies it will be published online. A quick search brings back several papers on cloud computing an economics that have been presented recently. I'd suggest looking there or bugging the guy who ran the conference