Cloud poses a risk to privacy that you cannot and must not ignore in business. Ignore everyone that says otherwise. --- If you are a fabless company, for example, it is easy for a cloud sysadmin to exploit the latest vulnerabilities to read your data bank and sell your secrets. Email (yahoo, hotmail, gmail, you name it) is another example of cloud service: sysadmins do not need to exploit anything, because the contents are stored in plain text. --- If you need a cloud, you better make your own.
Sent from ProtonMail Mobile On Thu, Mar 8, 2018 at 11:51, Kevin Chadwick <m8il1i...@gmail.com> wrote: > We all know Bare metal is more secure (ignoring physical security) especially > with OpenBSD but if you need cost effective global resources on tap then I > believe you need cloud. We all know microsoft have a huge user base and > userland issues that are problematic however despite some recent Linux kernel > mitigation adoption attemps, Linux focus on kernel mitigations have been > lacklustre whilst microsoft have been comparatively active albeit enabling > and enforcing mitigations (even ASLR) for all applications by default has > been lacklustre. As cloud services are free from microsofts userland it is a > *hopeful* assumption that their security mitigation works applies to their > cloud too whereas I expect it is unlikely with Amazon and Google (AFAIK > Android fairs better than Linux for mitigations due to Google however??) > Perhaps OpenBSD mitigations still apply effectively to ec2 instances and > cloud services isolation is good enough to never undermine this, though I > find that hard to believe. Perhaps new processor developments will solve this > issue. None of this matters if you cannot get things done. I know there is > OpenBSD AWS client availability but I am unsure about Azure, Google etc. Any > advice and experience is welcome, Thankyou.
