Collaborate Disseminate
I found in my Google admin logs that someone from outside my organization is trying to log in frequently by testing all our user accounts against weak passwords. I’m wondering how could that happen?
How did he manage to get the correct lis… Continue reading How could attacker know user names of my Google Workspace?
I found in my Google admin logs that someone from outside my organization is trying to log in frequently by testing all our user accounts against weak passwords. I’m wondering how could that happen?
How did he manage to get the correct lis… Continue reading How could attacker know user names of my Google Workspace?
Microsoft is planning to make some changes to the way… Continue reading Microsoft to Make Changes to Cloud Licensing Restrictions after Customer Complaints
In creating an app Engine firewall rule, we need the priority number.
While adding a new rule to the firewall our code checks a database for the latest priority number on the console and calculates the next number by incrementing the same…. Continue reading While creating App Engine firewall rules, How to get get Max existing firewall priority from the rule list [migrated]
Background
I am looking to have a Cloud Storage bucket that is not publicly accessible for images. Then my plan was to sign any image URL on the website to authorize it for a short period of time (~30 seconds) when the user loads a page. T… Continue reading Google Cloud Storage Service Account Key Management for Signed URLs
One of the ways to secure a cloud environment is to monitor all of the assets that we have. Recently, I made a script to get information regarding those assets by using GCP API, but I need to do it one by one, for each asset by using the d… Continue reading Possible exposable asset type on Google Cloud [migrated]
Is it possible to use Private Certificate Authority based on Microsoft Windows Servers for protection SSL/TLS connections in FedRAMP environment on Google Cloud?
Continue reading Google Cloud and Private CM on Microsoft Windows and FedRamp compliance for TLS
I am using let’s encrypt to generate a certificate. It contains ‘fullchain.pem’ and ‘privkey.pem’. should I treated the let’s encrypt fullchain.pem as a public key? I find the public key certificate format as same with the fullchain.pem. … Continue reading should I treated the let’s encrypt fullchain.pem as a public key
I am using let’s encrypt to generate a certificate. It contains ‘fullchain.pem’ and ‘privkey.pem’. should I treated the let’s encrypt fullchain.pem as a public key? I find the public key certificate format as same with the fullchain.pem. … Continue reading should I treated the let’s encrypt fullchain.pem as a public key
An independent security auditor discovered many open ports by using nmap while auditing a web service deployed on GCP. The service is a Cloud Run instance behind an HTTP(s) load balancer. The auditor wants to flag these as risks in the aud… Continue reading How to perform security audit of a web service that uses google cloud’s external HTTP(s) load balancer?