funsec mailing list archives

Re: All your database (and email) are belong to us ...


From: security curmudgeon <jericho () attrition org>
Date: Sun, 26 Jul 2009 02:50:08 +0000 (UTC)


On Sat, 25 Jul 2009, chris () blask org wrote:

: 2/ Should any one incident occur at Google the lessons learned are 
: likely to be applied across the organization.

I'd be happy to bet against you on this.

Incident occurred. Lesson: Single-factor SSO authentication can bite you 
in the ass (access to mail, calendar, docs, apps, more).

I bet we don't see them change this to require (or even allow) unique 
passwords for each part. I bet we don't see them change to two-factor 
authentication, even if it remains SSO.

: These are good points to some extent for any hosted standardized 
: solution - just as buying a firewall has these things going for it as 
: opposed to building your own.  Google has the additional advantage of 
: billions of dollars and massive resources, and perhaps the disadvantage 
: of being extremely visible as well.

If they spend a portion of those billions of dollars on security, sure. 
But like most companies, security doesn't seem to be any more 'built in 
from the ground up' than the next company.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

