In brief, some cool links:
Rational Survivability is a very readable blog focusing on the timely issue of cloud security. I especially liked yesterday’s entry: Private Clouds: Even A Blind Squirrel Finds A Nut Once In A While, which discusses the differences between private, public, managed and hybrid clouds, calling out the level of trust you should place in each. I also enjoyed one from last month on How to be PCI compliance in a cloud…. What I like most about this blog is the clear and rational dissection of the technology and hype around cloud security, expressed in a fairly sassy, funny, non-mean tone.
Wietse Venema’s RFC for PHP taint. Added a TODO to my list to try this out and see whether I can still get my blog to run.
A few noteworthy developerWorks articles:
Ramon de Carvalho Valle has a two-part series on triggering buffer overflows on Power and Cell B.E.:
LoP/Cell/B.E.: Buffer overflow vulnerabilities, Part 1: Understanding buffer overflow issues for Linux on Power-based systems
LoP/Cell/B.E.: Buffer overflow vulnerabilities, Part 2: Discovering how buffer overflow mechanisms work for Linux on Power-based systems
I’m hoping that he produces a third part to this series discussing overcoming buffer overflows on Power and Cell B.E.
Serge Hallyn has written yet another excellent security article on developerWorks, this time the Secure Linux containers cookbook. What I liked about this article is that he included the recipe for containing containers using Smack.