A classic...
On Wed, Jun 5, 2013 at 9:23 PM, Kurt Buff <[email protected]> wrote: > http://tools.ietf.org/html/rfc1149 > > On Wed, Jun 5, 2013 at 6:03 PM, J- P <[email protected]> wrote: > >> ok, time to revert to the corona typewriter and the pony express for >> delivery lol >> >> >> >> >> >> >> >> >> >> >> Jean-Paul Natola >> >> >> >> ------------------------------ >> From: [email protected] >> To: [email protected] >> Subject: RE: [NTSysADM] RE: Microsoft's 'Blue' servers >> Date: Thu, 6 Jun 2013 00:37:33 +0000 >> >> The point I’m making is that you have no idea what: >> >> a) Advances in cryptography analysis >> >> b) Advances in computing technology >> >> will occur in the next few decades. Someone might show a working quantum >> computer in 10 years, and everything you’ve painstakingly encrypted might >> be completely insecure. Or there might be so much spare computing power >> world-wide that distributed breaking of 128bit keys might be trivial. >> >> >> >> There’s been plenty of threads here where people today have bemoaned the >> choices made by vendors 10 years ago (e.g. the hotel door locks that can be >> trivially broken now). But all the serve to do is to show how hard it is to >> make security choices with at 10+ year timeframe. >> >> >> >> I’d be **very* *wary of expressing any confidence that might current >> encryption algorithms (or any security system) is good for a decade, let >> alone many decades. >> >> >> >> Cheers >> >> Ken >> >> >> >> *From:* [email protected] [mailto: >> [email protected]] *On Behalf Of *Jean-Paul N >> *Sent:* Thursday, 6 June 2013 12:01 AM >> >> *To:* [email protected] >> *Subject:* RE: [NTSysADM] RE: Microsoft's 'Blue' servers >> >> >> >> "We" the average citizen, may never know what has actually been "hacked >> or cracked" , however, I don't see any intelligence agency or other >> government institution , exposing the fact that have the capability of >> readliy cracking an AES cipher, just to arrest "joe blow inc." and shut >> them down- this is just my opinion. >> >> >> >> >> >> >> >> >> >> >> >> Jean-Paul Natola >> >> >> ------------------------------ >> >> From: [email protected] >> >> To: [email protected] >> Subject: RE: [NTSysADM] RE: Microsoft's 'Blue' servers >> Date: Wed, 5 Jun 2013 13:53:34 +0000 >> >> Yeah gotta agree with Ken’s points on this one. >> >> >> >> Also AES 128 or better here. >> >> >> >> Z >> >> >> >> Edward E. Ziots, CISSP, CISA, Security +, Network + >> >> Security Engineer >> >> Lifespan Organization >> >> [email protected] >> >> Work:401-255-2497 >> >> >> >> >> >> This electronic message and any attachments may be privileged and >> confidential and protected from disclosure. If you are reading this >> message, but are not the intended recipient, nor an employee or agent >> responsible for delivering this message to the intended recipient, you are >> hereby notified that you are strictly prohibited from copying, printing, >> forwarding or otherwise disseminating this communication. If you have >> received this communication in error, please immediately notify the sender >> by replying to the message. Then, delete the message from your computer. >> Thank you. >> >> *[image: Description: Description: Lifespan]* >> >> >> >> >> >> *From:* [email protected] [ >> mailto:[email protected] <[email protected]>] *On >> Behalf Of *Jean-Paul N >> *Sent:* Wednesday, June 05, 2013 9:48 AM >> >> *To:* [email protected] >> *Subject:* RE: [NTSysADM] RE: Microsoft's 'Blue' servers >> >> >> >> the app has all the options from blowfish to des , 3des etc.. >> I personally use AES 256 >> >> >> >> >> >> >> >> >> >> >> >> Jean-Paul Natola >> >> ------------------------------ >> >> From: [email protected] >> To: [email protected] >> Subject: RE: [NTSysADM] RE: Microsoft's 'Blue' servers >> Date: Wed, 5 Jun 2013 04:50:11 +0000 >> >> Interesting. What encryption algorithm do you use, that you can guarantee >> that it’s not going to be obsolete years, let alone decades from now? >> >> >> >> -- >> >> http://au.linkedin.com/in/kschaefer >> >> Typed on a Lenovo Helix – apologies for brevity >> >> >> >> >> >> >> >> *From:* [email protected] [ >> mailto:[email protected] <[email protected]>] *On >> Behalf Of *Jean-Paul N >> *Sent:* Wednesday, 5 June 2013 12:56 PM >> *To:* [email protected] >> *Subject:* RE: [NTSysADM] RE: Microsoft's 'Blue' servers >> >> >> >> Not sure how this plays into the scheme of things, but I deal with >> offsite data backup ( for exchange, ad, file servers etc...) except someone >> gives the authorities the encryption key, they will spend decades trying to >> decrypt the data). >> ------------------------------ >> >> From: [email protected] >> To: [email protected] >> Subject: RE: [NTSysADM] RE: Microsoft's 'Blue' servers >> Date: Wed, 5 Jun 2013 01:40:24 +0000 >> >> Governments that “don’t play by the rules” aren’t going to be stopped on >> your company’s doorstop by some lawyers either. >> >> >> >> Governments like Russia’s can find ways to throw you in jail for decades >> and steal your multi-billion dollar company (Khordorkovsky and Yukos) >> without too much trouble. Or assassinate you if you’re not quite as high >> profile. And Russia’s government isn’t even particularly nasty in the >> global scheme of things. >> >> >> >> In fact, the only way I can see your method working is for each >> organisation to have their own data centres, with their own security guards >> and so on. Each time you contract someone else for data centre facilities >> you run the risk that they might let some “authority” in to take away your >> hardware or data. Organisations with plenty of legal firepower have been >> using 3rd party data centres for a long time, so there must be ways to >> manage this risk. I don’t know what they are, but I can assure you that >> most major banks do not own their own DC facilities in every country that >> they’re in. >> >> >> >> Cheers >> >> Ken >> >> >> >> *From:* [email protected] [ >> mailto:[email protected] <[email protected]>] *On >> Behalf Of *Jon Harris >> *Sent:* Wednesday, 5 June 2013 11:06 AM >> *To:* [email protected] >> *Subject:* RE: [NTSysADM] RE: Microsoft's 'Blue' servers >> >> >> >> I am trying to point out that not all governments will play totally by >> the rules. A search warrant, at least in the states, requires some proof >> of wrong doing along with a judges blessing. The warrant I am referring to >> is just a government letter saying we want access, and would potentially >> specify that the cloud vendor not tell their client that this is happening >> the agency does not even have to get a judges blessing on the search. I >> believe there have been a number of instances where this has happened >> already but I can't site any specifically. On premise data would at least >> be safer from that kind of thing happening. It is harder to have >> government agents walk up to a door of a company and tell them 'hey we >> demand access to all of your servers so that we can snoop around and >> see what you are doing' and not have a bunch of lawyers demanding to see >> the proof of wrong doing. A cloud vendor would not be in a position until >> all the legal challenges are done to tell those same government agents 'no' >> without incurring some liability. Once all the legal challenges are done >> and the cloud vendors have all the legal contracts in place and some sort >> of protection from the potential criminal liability then the cloud would >> be to some degree safer for companies to move to it. I am not condemning >> it's use just handing out an opinion as to this movement with less than >> critical thinking by SMB's. >> >> Jon >> >> ------------------------------ >> >> From: [email protected] >> To: [email protected] >> Subject: RE: [NTSysADM] RE: Microsoft's 'Blue' servers >> Date: Wed, 5 Jun 2013 00:41:35 +0000 >> >> I hate to say it but I see a lot of companies regretting the decision to >> jump to the web when some gov decides it can just issue a warrant and start >> searching that businesses digital material. >> >> >> >> >> >> What does “jumping to the web” have to do with cloud? If the authorities >> can get a warrant, they can just turn up at your door and seize your paper >> files if you insist on not having anything digital. >> >> >> >> Perhaps I’m a bit confused as to whether you’re condemning (1) the use of >> digital media, (2) putting things onto the WWW, or (3) using a cloud >> provider. If it’s either (1) or (2) I think you’d have a hard time >> convincing anyone that the risks and costs outweigh the benefits. >> >> >> Cheers >> >> Ken >> >> >> >> *From:* [email protected] [ >> mailto:[email protected] <[email protected]>] *On >> Behalf Of *Jon Harris >> *Sent:* Wednesday, 5 June 2013 10:17 AM >> *To:* [email protected] >> *Subject:* RE: [NTSysADM] RE: Microsoft's 'Blue' servers >> >> >> >> I hate to say it but I see a lot of companies regretting the decision to >> jump to the web when some gov decides it can just issue a warrant and start >> searching that businesses digital material. The IRS has been doing it with >> emails claiming they have the right to do it. It may not be the American >> gov that does this first (but I would not bet against it) and it will >> cost some company big time. >> >> I seem to also remember someone on the list a few months ago posting an >> article about a hack that allowed for cloud machines to be compromised if >> where were on the same hypervisor. >> >> Jon >> >> ------------------------------ >> >> From: [email protected] >> To: [email protected] >> Subject: RE: [NTSysADM] RE: Microsoft's 'Blue' servers >> Date: Wed, 5 Jun 2013 00:05:46 +0000 >> >> It won’t happen overnight. But my prediction is that eventually the >> providers will, after grabbing the non-complex mass market, start going >> after industry verticals. They’ll start with the low-hanging fruit (i.e. >> smaller firms that exist in just one jurisdiction). They’ll get a bunch of >> lawyers, talk to regulators and so on, and start marketing a ‘certified’ >> solution for that industry – possibly with some level of indemnification. >> >> >> >> It’s definitely customers who are pushing the “cloud” thing – even in >> some large FSI corps that I’ve colleagues in are pushing this. They’re >> turning to their current outsourcers and asking “why can’t I get the same >> flexibility/pricing/etc from you that I can get from Amazon?” “Why does it >> take you 6 weeks to give me a server whereas Amazon can give me one in 2 >> hours?” and so on. It’s going to be a huge issue for HP/CSC/IBM, which is >> why they’re scrambling to put together their own cloud offerings. VMWare’s >> also sniffing around – touting their services business as a replacement for >> incumbent outsourcers. >> >> >> >> Cheers >> >> Ken >> >> >> >> *From:* [email protected] [ >> mailto:[email protected] <[email protected]>] *On >> Behalf Of *James Rankin >> *Sent:* Wednesday, 5 June 2013 1:07 AM >> *To:* [email protected] >> *Subject:* Re: [NTSysADM] RE: Microsoft's 'Blue' servers >> >> >> >> Hmmm, sounds like MS' approach is that they've decided that The Cloud is >> unavoidable, or will at least represent the "sensible choice" in future >> >> >> >> For dev and test environments, sure, and maybe smaller enterprises >> without regulatory requirements and/or no budget to spare for private >> infrastructure, but throw in any kind of data security and integrity - >> particularly anything that has implications related to storing information >> in other global jurisdictions - and I just get the feeling that it won't >> take off as much as everyone would have us believe. >> >> >> >> I'm also becoming less convinced of Microsoft's capability to respond to >> customer requirements, although to be honest that's exhibiting more in the >> consumer end at the moment than business. >> >> >> >> I'm not known as any kind of trend-predictor or tech commentator, though, >> so I'm just stating my gut feelings :-) >> >> >> >> >> On 4 June 2013 15:52, <[email protected]> wrote: >> >> They will never position it as something you HAVE to do or else (like >> Google). They are developing the technology so that when you’re ready, it >> will be ready for your needs. The Cloud leader will be the one that can >> show “why” it makes sense to move, not that moving is the only choice. >> >> >> >> Sent from Microsoft Surface Pro >> >> >> >> *From:* James Rankin >> *Sent:* Tuesday, June 4, 2013 9:33 AM >> *To:* [email protected] >> >> >> >> But the expectation is that "years later" everyone will go cloud-based of >> some sort? >> >> >> >> I can see that not flying for a lot of orgs - if MS take the "shove it >> down your throat regardless" option they did with some of the Win8 >> features, it might change the landscape somewhat >> >> >> >> Just my ill-informed and quickly-formulated opinion :-) >> >> >> >> On 4 June 2013 15:27, Michael B. Smith <[email protected]> wrote: >> >> Microsoft wants to drive you to the cloud. >> >> >> >> Some people will settle on a single version of the software and then move >> years later. There is no ostensible requirement to keep pace with Microsoft. >> >> >
<<image001.jpg>>
