On Sat, 25 Jul 2009, [email protected] wrote: : 2/ Should any one incident occur at Google the lessons learned are : likely to be applied across the organization.
I'd be happy to bet against you on this. Incident occurred. Lesson: Single factor SSO authentication can bite you in the ass (access to mail, calendar, docs, apps, more). I bet we don't see them change this to require (or even allow) unique passwords for each part. I bet we don't see them change to two-factor authentication, even if it remains SSO. : These are good points to some extent for any hosted standardized : solution - just as buying a firewall has these things going for it as : opposed to building your own. Google has the additional advantage of : billions of dollars and massive resources, and perhaps the disadvantage : of being extremely visible as well. If they spend a portion of those billions of dollars on security, sure. But like most companies, security doesn't seem to be any more 'built in from the ground up' than the next company. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
