funsec mailing list archives
Re: All your database (and email) are belong to us ...
From: security curmudgeon <jericho () attrition org>
Date: Sun, 26 Jul 2009 02:50:08 +0000 (UTC)
On Sat, 25 Jul 2009, chris () blask org wrote: : 2/ Should any one incident occur at Google the lessons learned are : likely to be applied across the organization. I'd be happy to bet against you on this. Incident occurred. Lesson: Single factor SSO authentication can bite you in the ass (access to mail, calendar, docs, apps, more). I bet we don't see them change this to require (or even allow) unique passwords for each part. I bet we don't see them change to two-factor authentication, even if it remains SSO. : These are good points to some extent for any hosted standardized : solution - just as buying a firewall has these things going for it as : opposed to building your own. Google has the additional advantage of : billions of dollars and massive resources, and perhaps the disadvantage : of being extremely visible as well. If they spend a portion of those billions of dollars on security, sure. But like most companies, security doesn't seem to be any more 'built in from the ground up' than the next company. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- All your database (and email) are belong to us ... Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jul 25)
- Re: All your database (and email) are belong to us ... Jarrod Frates (Jul 29)
- <Possible follow-ups>
- Re: All your database (and email) are belong to us ... chris (Jul 25)
- Re: All your database (and email) are belong to us ... security curmudgeon (Jul 25)
- Re: All your database (and email) are belong to us ... chris (Jul 25)
- Re: All your database (and email) are belong to us ... security curmudgeon (Jul 25)
- Re: All your database (and email) are belong to us ... chris (Jul 26)
- Re: All your database (and email) are belong to us ... Young, Keith (Jul 28)
- Re: All your database (and email) are belong to us ... Ali, Saqib (Aug 14)
- Re: All your database (and email) are belong to us ... security curmudgeon (Jul 25)
- Re: All your database (and email) are belong to us ... Rich Kulawiec (Jul 27)
- Re: All your database (and email) are belong to us ... Valdis . Kletnieks (Aug 15)
- Re: All your database (and email) are belong to us ... Hubbard, Dan (Aug 21)
- Re: All your database (and email) are belong to us ... Rich Kulawiec (Aug 21)
- Re: All your database (and email) are belong to us ... Alex Lanstein (Aug 21)