Why Must We Still Fear the BEAST, and What Can We Do?
Most Internet communications security is provided by the SSL/TLS series of protocols. There is an enormous problem with early versions of SSL/TLS. We have known about this problem since 2002, and a solution has been available since 2006. Sadly, we still need to worry about this. Here is a brief timeline: SSL v1 — Only […]
What’s Different about Security in the Cloud?
Well, in many ways, nothing, really. Since the advent of “cloud computing” we are certainly considering “security” under a microscope and in a new light. The truth is, though, that security is still just security. Maybe the cloud model has changed the specifics of “who does what” but all the stuff we’ve learned before still […]
Could Cloud Have Prevented Security Concerns of Home Secretary?
Today I awoke to the news that UK Home Secretary Teresa May had left her engagement book in an auditorium last Sunday. There were concerns that the lapse put the home secretary and her colleagues at risk because of the details it contained. The book was left by her personal protection secretary. So what has […]
Missile Defence Agency Adopts Cloud Computing
Today, whilst on a consulting assignment related to mobile development, we discussed the integration of mobile and Cloud Computing. My client immediately said “the big problem with cloud computing is security, applications co-hosted with other organisations applications is dangerous …”. As you know, this is something that I have written about before. Having then began […]
Amazon EC2 Security Groups: The Tip of a Very Large Iceberg
The most common concern I hear from attendees when presenting Learning Tree’s Cloud Computing course is security – how secure is the cloud ?. The most common search terms on Google that drive visitors to this blog are related to ‘Amazon Security Groups’. With this in mind I thought it worthwhile expanding a little on […]