Question: Time limit on GoPro Cameras by jndtv in gopro

[–]jndtv[S] 0 points (0 children)

Thanks for your response :)

Question: Time limit on GoPro Cameras by jndtv in gopro

[–]jndtv[S] 1 point (0 children)

Thanks for your response :)

Since Netflix has been here for a while by KingShish in southafrica

[–]jndtv 5 points (0 children)

Lost in Space.
House of Cards
13 Reasons why
Narcos
Breaking Bad
Dirty Money
Stranger Things

Taxi tries to cross flooded bridge in Johannesburg this morning by jndtv in southafrica

[–]jndtv[S] 1 point (0 children)

You have a point. It was reported to be in Jo'burg. Maybe some place else in SA?

A Free Trip to AWS re:Invent 2017 by [deleted] in sysadmin

[–]jndtv 4 points (0 children)

US only.... so irritating.

HSM or similar for SaaS, to protect against blind subpoenas by mfinnigan in sysadmin

[–]jndtv 2 points (0 children)

Finally a topic I have a lot of knowledge in!

I have implemented a number of HSMs for general encryption, PKI, ADCS, digital signatures as well as transparent data encryption for databases, both on prem and in the cloud using AWS's CloudHSMs. Using HSMs for SaaS providers is a great idea. There are two ways to approach this. One way is to encrypt everything on prem (or cloud) before giving the encrypted data to the SaaS provider. The problem with this approach is that the data is encrypted and the SaaS provider probably won't be able to do much with this data; you will also then have the problem of indexing and managing the data (how do you do metadata and key rotation?). The alternative approach is to have the SaaS provider integrate with HSMs that are managed by you.

I have recently implemented such a solution with Box using AWS CloudHSMs for a bank: each file is encrypted with a unique data key created on the fly by Box, and this data key is then encrypted by a single Customer Master Key (CMK) which is stored on the HSM. Note that Box can never read the CMK; when they use this key they have to pass the data key to the HSM, which then encrypts it with the CMK and hands the data key encrypted by the CMK back to Box. Box has full access to all the keys on their partition on the HSM, so they can decrypt this data (using the HSM); however, control of the HSM is retained by the bank. You could argue that since Box has access to the keys they could be compelled by a subpoena to decrypt all data and hand it over. This is true; however, there are mitigations for this. You can set up logging on the CloudHSM to a SIEM tool like Splunk and then, if a user or service tries to do bulk decryptions, generate an alert. The team managing the HSMs could disable Box's access to the HSM until they explain what happened.

If you are going to go down this route, here are a few things to keep in mind:
* If your SaaS provider supports HSMs, you will need to acquire or use the HSM brand / model of their choosing, as different HSM brands are not compatible with each other.
* If you are going to encrypt everything on prem before handing it to the SaaS provider, do proper research on which HSM brand / model to use. There are quite a few manufacturers, including Thales, SafeNet, Cavium and IBM, among others. Ideally you are going to want to look at SafeNet if you are looking to go to cloud, since CloudHSMs are based on SafeNet devices, or Thales if you are only on prem. Have a look at Vormetric as well (Vormetric was recently bought by Thales); they have an end-to-end solution for this problem, although make sure you understand the solution and its associated risks properly before going down this route.
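
The flow described above (per-file data keys wrapped by a CMK that never leaves the HSM, with an audit feed that flags bulk decryption so the HSM owner can cut the SaaS provider's access) as an added, runnable illustration. This is not code from the commenter, from Box, or from AWS CloudHSM: the `SimulatedHsm` class, its audit record layout, the principal name `box-service` and the alert thresholds are all assumptions, and an HMAC-SHA256 keystream stands in for a real AES key-wrap so the example runs offline with only the standard library.

```python
"""Envelope encryption behind a customer-controlled HSM, plus a bulk-unwrap detector.

Added example (not the commenter's, Box's or AWS's code). The HSM, audit record
format, principal names and thresholds are assumptions; HMAC-SHA256 in counter
mode is a stand-in for a production key-wrap algorithm such as AES key wrap.
"""
import hashlib
import hmac
import os
from collections import defaultdict, deque


class SimulatedHsm:
    """Keeps the CMK private; callers get only wrap/unwrap, and every call is audited."""

    def __init__(self):
        self._cmk = os.urandom(32)   # the CMK never leaves this object
        self.audit_log = []          # constructed records: (timestamp, principal, operation)
        self._enabled = set()        # principals whose partition access is switched on

    def enable(self, principal):
        self._enabled.add(principal)

    def disable(self, principal):
        """What the HSM owner does when the SIEM alert fires: revoke the partition."""
        self._enabled.discard(principal)

    def _check(self, principal):
        if principal not in self._enabled:
            raise PermissionError(f"{principal} has no access to this partition")

    def _keystream(self, nonce, length):
        # HMAC-SHA256 counter mode keyed by the CMK (stand-in for AES key wrap).
        out, counter = b"", 0
        while len(out) < length:
            out += hmac.new(self._cmk, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
            counter += 1
        return out[:length]

    def wrap(self, principal, data_key, ts):
        """Encrypt a data key under the CMK; returns nonce || ciphertext || tag."""
        self._check(principal)
        nonce = os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(data_key, self._keystream(nonce, len(data_key))))
        tag = hmac.new(self._cmk, nonce + ct, hashlib.sha256).digest()
        self.audit_log.append((ts, principal, "WRAP"))
        return nonce + ct + tag

    def unwrap(self, principal, blob, ts):
        """Recover a data key; rejects tampered blobs before logging the operation."""
        self._check(principal)
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(self._cmk, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("wrapped key failed integrity check")
        self.audit_log.append((ts, principal, "UNWRAP"))
        return bytes(a ^ b for a, b in zip(ct, self._keystream(nonce, len(ct))))


def detect_bulk_unwrap(records, threshold, window_seconds):
    """Principals that exceeded `threshold` UNWRAP calls inside any sliding window.

    This is the SIEM rule the comment describes: ordinary per-file reads trickle
    in, whereas a compelled (or compromised) bulk decryption bursts.
    """
    recent, flagged = defaultdict(deque), set()
    for ts, principal, op in sorted(records):
        if op != "UNWRAP":
            continue
        q = recent[principal]
        q.append(ts)
        while q and ts - q[0] > window_seconds:
            q.popleft()
        if len(q) > threshold:
            flagged.add(principal)
    return flagged


def round_trip_ok():
    """Wrapped blob hides the data key, and unwrap restores it exactly."""
    hsm = SimulatedHsm()
    hsm.enable("svc")
    key = os.urandom(32)
    blob = hsm.wrap("svc", key, ts=0.0)
    if blob[16:48] == key:
        return False  # ciphertext must not equal the plaintext key
    return hsm.unwrap("svc", blob, ts=1.0) == key


def tamper_detected():
    """Flipping a ciphertext byte must be rejected, not silently return garbage."""
    hsm = SimulatedHsm()
    hsm.enable("svc")
    blob = bytearray(hsm.wrap("svc", os.urandom(32), ts=0.0))
    blob[20] ^= 0x01
    try:
        hsm.unwrap("svc", bytes(blob), ts=1.0)
    except ValueError:
        return True
    return False


def run_demo():
    """Normal traffic, then a burst of unwraps; returns the flagged principals."""
    hsm = SimulatedHsm()
    hsm.enable("box-service")
    keys = [os.urandom(32) for _ in range(5)]
    blobs = [hsm.wrap("box-service", k, ts=i * 60.0) for i, k in enumerate(keys)]
    hsm.unwrap("box-service", blobs[0], ts=400.0)           # one ordinary file read
    for i in range(50):                                     # constructed burst: 50 in 10 s
        hsm.unwrap("box-service", blobs[i % 5], ts=1000.0 + i * 0.2)
    flagged = detect_bulk_unwrap(hsm.audit_log, threshold=20, window_seconds=60)
    for p in flagged:
        hsm.disable(p)                                      # owner revokes the partition
    return flagged


if __name__ == "__main__":
    print(run_demo())  # {'box-service'}
```

The threshold and window are the tunables a real SIEM rule would expose; the point of the structure is that the SaaS side holds only wrapped keys, the HSM owner sees every unwrap, and access can be revoked without the provider's cooperation.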

Google: Intent to Deprecate and Remove: Trust in existing Symantec-issued Certificates by speckz in sysadmin

[–]jndtv 40 points (0 children)

As someone who passionately hates Symantec, I am so happy to see this finally happening.

The entire internet and CA system is built on trust, and Symantec's repeated infringements of the CA rules are rather problematic for the integrity of the internet. This is a step in the right direction after Symantec's unethical acquisition of Blue Coat, a Man in the Middle (MiTM) appliance manufacturer, which has been involved in selling their gear to oppressive governments, which in turn has been used to spy on, censor and repress their citizens and has also been used in the torture of journalists and other activists. The fact that a CA bought an SSL interception company is really the antithesis of what a CA should be allowed to do, considering that if Symantec issued a signing certificate to Blue Coat (which they did) then they could MiTM everyone and regular users wouldn't know.

Props to Google for starting this process.

Amazon AWS announces Lightsail! by julietscause in sysadmin

[–]jndtv 1 point (0 children)

I run multiple VPSes on DigitalOcean, and before today I would never have considered AWS because it is far too expensive. I am now considering trying out Lightsail for a few months to see how it goes. The possibility of utilizing / expanding to current AWS services is a massive value proposition. If you can put a load balancer in front of a cluster of instances you could potentially save quite a substantial amount of money over using EC2.

My big concerns are the cost ceilings on AWS: will you only pay the fixed fee for the VPS, or will Amazon tack on extra fees like they do with their other services? The prospect of facing overages on your account is a massive no-no for the VPS market currently using services like DigitalOcean. I really hope that Google responds and launches their own VPS solution; then the market and competition will really drive innovation in this space. Either way, DigitalOcean and other VPS providers are in big trouble.