If you're a security professional, it would be worth your time to read Craig Balding's post What’s New in the Amazon Cloud?: Security Vulnerability in Amazon EC2 and SimpleDB Fixed (7.5 Months After Notification), a summary and analysis of Colin Percival's post AWS signature version 1 is insecure. These posts demonstrate the changing nature of our jobs. We will become increasingly reliant on others hosting, processing, and ostensibly "protecting" our data, but our ability to measure the effectiveness of these services is likely to erode over time. In this case it sounds like Amazon.com worked slowly but very effectively with Colin, and their example should be followed.
Richard Bejtlich is teaching new classes in DC and Europe in 2009. Register by 1 Jan and 1 Feb, respectively, for the best rates.
0 komentar:
Posting Komentar