Hint of Visibility in the Cloud

Visibility in the cloud is one of my concerns these days. When someone else hosts and processes your data, how can you tell if it is "secure?" I found Robert Graham's post Gmail now shows IP address log to be very interesting. Robert explains how Gmail using HTTPS doesn't always use HTTPS (which is old news, as he says), but monitoring (of a sort) is now available to determine if someone else is using your account. According to the Gmail blog, Gmail will soon make available logs of IPs using your Gmail account. I agree that the technique could be applied to other Web and cloud applications. How about a record of my Amazon S3 account?

Comments

Joe said…
I've always wondered why no one (that I know of) does this. This is great.
Unknown said…
I would like for web applications to have a "revoke all logins" button, which would invalidate all cookies with sessions that are logged in as the user. That way I wouldn't have to worry as much about always remembering to log out from public computers, or as is more often the case, from my several devices which can access the Internet (hand over a Nokia N810 Internet Tablet to your friend so that he can try out a game. what if he instead reads your mail on Gmail?)
Security4all said…
I love this new security feature from Gmail. Other webapplications should take an example from this. The only remark I have, is that it only shows you the last 5 connectivity attempts. This should have been a bit more.

Popular posts from this blog

Zeek in Action Videos

MITRE ATT&CK Tactics Are Not Tactics

New Book! The Best of TaoSecurity Blog, Volume 4