Re: Suggestion for a webmail application with good Hebrew Support

Tue, 18 Aug 2009 06:21:58 -0700 

Danny Lieberman wrote:

Shachar, Geoff
b) the threat probability of one of our operations getting a US court injunction is so low that I don't even bother with security countermeasures. OTOH - the threat of dos/web defacing/site downtime/poor response time is high enough that we considered and eventually deployed outsourced services for messaging and hosting. We use slicehost, rackspace.com <http://rackspace.com> and Google Apps. Dev servers are inhouse.
Your threat level rises significantly when you use free services. If you are going to be using Google's services for your business, my recommendation is that you find a route in which you pay them for it. The logic is that by paying them, you are creating accountability of them to you. Many of the privacy concerns diminish significantly as a result.
I'll add that, specifically with Google, the amount of concentrated cross-referencable personal info is what bothers me the most.
>>> Apropos - My personal estimate is that the probability of a privacy breach is higher in the Israeli Ministry of Defense than in GooglePlex. 


Not when my own servers are involved. At least not without my knowledge.


d) We deploy security countermeasures to protect assets:
0) We don't use Google docs, Never.
So you are, essentially, saying that you agree with me to a degree, but don't go quite as far. 
3) we physically destroy hard disks (it's fun...)


That I'm curios about. What do you specifically do to destroy the hard disk?
The way I see it, either you believe that "recover seven generations" is not possible (like some do), in which case just do "dd if=/dev/urandom of=/dev/sdb" followed by "dd if=/dev/zero of=/dev/sdb" (or just settle for the later), or you believe that it is possible, in which case the only solution I know of is melting the drive's plates. Personally, I don't have any way to do the later, so I just do the former and hope that my attackers don't have the $100K+ it allegedly requires to recover the data. 

Shachar

--
Shachar Shemesh
Lingnu Open Source Consulting Ltd.
http://www.lingnu.com


_______________________________________________
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Reply via email to