FW: Bruce Schneier on Google Apps. Do you trust Google?

[Dirk Brockhausen <dirk () fantomaster com>]

> First, I don't trust Google.
...
> (Yes, sent from a gmail account...)

So at least you know that you're using a Gmail account.

Anyway, if you like to keep your privacy then I would never
use a Gmail account.

But you are not alone, sadly...

Show me 10 Black Hat SEOs who are NOT using a Gmail account...

Dirk (@fantomsurfer from fantomaster.com)

> -----Original Message-----
> From: listbounce () securityfocus com
> [mailto:listbounce () securityfocus com] On Behalf Of krymson () gmail com
> Sent: Tuesday, July 28, 2009 3:39 PM
> To: security-basics () securityfocus com
> Subject: Re: Bruce Schneier on Google Apps. Do you trust Google?
>
> First, I don't trust Google. I haven't trusted Google since shortly
> after they went public. At which point they answer to a whole lot of
> other people whose only goal is to make money, and not necessarily
> espouse the vision of "do no evil." There is money to be made by
> gathering information and selling it or at least using it to sell other
> services to targeted audiences. Sorry, but I don't trust people enough
> to not devolve that in the aim of greed. I like my privacy (even for
> silly things like my purchasing or searching habits).
>
> And that says nothing about the integrity of any Google employee.
>
>
> Second, I'm not sold on the "cloud" idea. I think many orgs are
> frustrated with their array of homegrown internal apps and software
> cobbling business processes together. The "cloud" seems like a nice
> thing (a case of the grass being greener on the other side), but orgs
> will get just as frustrated with it given time with it. They can't be
> as agile, quick, or customized without paying a high price. They can't
> answer questions on how it works or have any reliable assurance of
> security, integrity, or availability. Orgs want to treat this like a
> utility that is just always on, but it's far too complicated and unique
> per org to pigeonhole like that.
>
> The only exceptions I immediately see will be "commoditized" stuff that
> is similar across multiple customers. But then you run the risk of the
> system being changed and you just have to live with it (like Twitter
> changing replies or Facebook changing it's interface). Or being down
> and you have to just wait (Salesforce, or again Twitter).
>
> And, of course, everything like that is pretty much already in place
> under different names (for instance, we've called this "the web" for a
> long time [yes the sarcasm is thick in this paragraph])...which means
> "cloud" is just marketing rebranding for those segments. A gross
> bastardization (misunderstanding?) of "distributed computing."
>
> I don't always agree with Schneier; I can think for myself, but in this
> case I agree with him.
>
> (Yes, sent from a gmail account...)
>
>
>
> <- snip ->
> "Security is about who you trust," Schneier said. "Do you trust Google
> more than your sysadmin? Do you trust Google Docs more than Microsoft
> Office?"
>
> "Trust is social," he said. "It's not technical."
>
> Read more:
> http://latimesblogs.latimes.com/technology/2009/07/security-expert-on-
> go
> ogle-apps-is-google-trustworthy.html
>
> I trust that a Google Employee, whose sole function is to maintain the
> system, will ensure that the system is secure, patched and up-to-date.
> It is simply about Reputational risk. Reputational risk (damage to an
> organization through loss of its reputation or standing), can arise as
> a consequence of operational failures. Every company understands
> reputational risk, particularly businesses who regard their brand as
> one of their most critical assets. Google is one of them. They have a
> reputation to maintain.
>
> Note: I posted the following as a comment to the aforementioned
> latimes blogpost, so it may be a repeat for some folks.
>
> -----------------------------------------------------------------------
> -
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an
> SSL certificate.  We look at how SSL works, how it benefits your
> company and how your customers can tell if a site is secure. You will
> find out how to test, purchase, install and use a thawte Digital
> Certificate on your Apache web server. Throughout, best practices for
> set-up are highlighted to help you ensure efficient ongoing management
> of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be44
> 2f727d1
> -----------------------------------------------------------------------
> -


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------