flat assembler
Message board for the users of flat assembler.

flat assembler > Heap > Cloud computing. Who is in control?

Goto page Previous  1, 2, 3, 4, 5, 6, 7, 8, 9  Next
Author
Thread Post new topic Reply to topic
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 16578
Location: Earth 2.0 beta
drhowarddrfine wrote:
How do you not have control?
Erm, because someone else has access to your data.
drhowarddrfine wrote:
That's true of everything.
No, those things are only true if you allow your data to be stored by others.
drhowarddrfine wrote:
If a government really wants to get at your data, if it's on the internet in any way shape or form, they can get it. Cloud computing does not change that.
Cloud computing is that. That is precisely what cloud computing is, putting your data on the Internet. If you don't put it there then that is one less path for anyone to follow to get it.

But it is not just governments here; spouses, parents, siblings, bosses, employees, hackers, everyone can potentially get it. Why make your data a larger target by deliberately putting it on the Internet? Duh! Keep it private and reduce your attack space to just your own machines.
Post 22 Aug 2009, 13:06
View user's profile Send private message Visit poster's website Reply with quote
Borsuc



Joined: 29 Dec 2005
Posts: 2468
Location: Bucharest, Romania
drhowarddrfine wrote:
if it's on the internet in any way shape or form, they can get it.
Any shape or form? Are you sure?

they must have some awesomely super computers to break a private-key encryption with 256 bits and a military-grade password. Or be extremely lucky. Shocked

_________________
Previously known as The_Grey_Beast


Last edited by Borsuc on 23 Aug 2009, 17:53; edited 1 time in total
Post 22 Aug 2009, 15:16
View user's profile Send private message Reply with quote
Azu



Joined: 16 Dec 2008
Posts: 1160
revolution wrote:
drhowarddrfine wrote:
How do you not have control?
Erm, because someone else has access to your data.
drhowarddrfine wrote:
That's true of everything.
No, those things are only true if you allow your data to be stored by others.
drhowarddrfine wrote:
If a government really wants to get at your data, if it's on the internet in any way shape or form, they can get it. Cloud computing does not change that.
Cloud computing is that. That is precisely what cloud computing is, putting your data on the Internet. If you don't put it there then that is one less path for anyone to follow to get it.

But it is not just governments here; spouses, parents, siblings, bosses, employees, hackers, everyone can potentially get it. Why make your data a larger target by deliberately putting it on the Internet? Duh! Keep it private and reduce your attack space to just your own machines.
Governments, spouses, parents, siblings, burglars, etc could all just access your computer directly. If anything, the security in your home is probably less than in most major datacenters.

The whole point is moot though if you encrypt your sensitive data. Problem solved.

P.S. be sure to use a good encryption like Rijndael or Serpent.
Post 23 Aug 2009, 00:58
View user's profile Send private message Send e-mail AIM Address Yahoo Messenger MSN Messenger ICQ Number Reply with quote
drhowarddrfine



Joined: 10 Jul 2007
Posts: 535
Azu wrote:

The whole point is moot though if you encrypt your sensitive data. Problem solved.
Nope. If the government wants to get at your data, they will.

Let's defines what you mean by "data". Some have said they don't want to put their data in someone else's hands because they lose control but what do you do when you write a letter? Are you still using the post office or do you email it? If you email it, do you feel no one can or will try and read it?

If you're talking about your company's financials in a spreadsheet, do you think Google is going to be glossing over them? How long do you think Google will be in business once the word gets out that they read those things?

A number of decades ago, there was a big deal in the newspaper when it was discovered that some Bell Telephone techs, at a central office somewhere, would tap into phone conversations and play them on a speaker. There was a huge deal made out of it, with the FBI and every other letter involved. The same is true if someone at the post office were to try and open your private letters.

Now, the internet is not regulated the same way but I'll ask again: who thinks Google or Intuit or Zoho or any like company will stay in business if it was known they pried into your personal data?
Post 23 Aug 2009, 01:30
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 16578
Location: Earth 2.0 beta
When you are being specifically targeted the attackers will probably find a way no matter what you do. The bigger problem is the data conglomeration. A large data-centre may indeed have better physical security than someone's house but that doesn't matter because what is being protected is worth a lot more than one person's single PC. What is being protected is (say) thousands or millions of people's data. The desire to break in (either physically or electronically) is going to be much greater. The reward for successfully penetrating the security is so much greater. Therefore there will be multiple attackers trying to get the data. Guards can be bribed, programmers can be bribed, guards can be immobilised, programmers can make mistakes, employees can be corrupt, etc. And because the rewards are higher then the attackers are more persistent and there will be more of them.

Nobody will be interested to steal revolution's data unless they know in advance that there is something useful to them. Too much effort for little or possibly no reward. But if revolution then uploads that data to a data-centre, then anyone that manages to break in (and it will happen, nothing it 100% safe) will find revolution's data (and everyone else's data) and see and/or sell whatever company/personal/business information that they want. There is no sense in revolution having data local AND on a remote server, that just makes two possible points of vulnerability.

Cloud computing encourages people to upload data in a unencrypted form, this is not just some data storage service where you load your encrypted backups, this is live active data that you work with on the remote server through a network connection. The CC company may promise that all data is stored encrypted but that means nothing really. They also have the keys stored there else how could they let you see your data. It is like putting your house key under the welcome mat and hoping no one notices.
Post 23 Aug 2009, 01:34
View user's profile Send private message Visit poster's website Reply with quote
Azu



Joined: 16 Dec 2008
Posts: 1160
drhowarddrfine wrote:
Azu wrote:

The whole point is moot though if you encrypt your sensitive data. Problem solved.
Nope. If the government wants to get at your data, they will.

Let's defines what you mean by "data". Some have said they don't want to put their data in someone else's hands because they lose control but what do you do when you write a letter? Are you still using the post office or do you email it? If you email it, do you feel no one can or will try and read it?

If you're talking about your company's financials in a spreadsheet, do you think Google is going to be glossing over them? How long do you think Google will be in business once the word gets out that they read those things?

A number of decades ago, there was a big deal in the newspaper when it was discovered that some Bell Telephone techs, at a central office somewhere, would tap into phone conversations and play them on a speaker. There was a huge deal made out of it, with the FBI and every other letter involved. The same is true if someone at the post office were to try and open your private letters.

Now, the internet is not regulated the same way but I'll ask again: who thinks Google or Intuit or Zoho or any like company will stay in business if it was known they pried into your personal data?
What do you mean by "Nope"? Do you mean "Google can crack 14 round 256-bit Rijndael"?

What do you mean by "Are you still using the post office or do you email it? If you email it, do you feel no one can or will try and read it?"? Do you mean "If you mail a letter, no one can intercept it"? Or do you mean "I have a way to encrypt letters sent through the post office better than computers can encrypt emails"?
Post 23 Aug 2009, 01:36
View user's profile Send private message Send e-mail AIM Address Yahoo Messenger MSN Messenger ICQ Number Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 16578
Location: Earth 2.0 beta
drhowarddrfine wrote:
Let's defines what you mean by "data". Some have said they don't want to put their data in someone else's hands because they lose control but what do you do when you write a letter? Are you still using the post office or do you email it? If you email it, do you feel no one can or will try and read it?

If you're talking about your company's financials in a spreadsheet, do you think Google is going to be glossing over them? How long do you think Google will be in business once the word gets out that they read those things?

A number of decades ago, there was a big deal in the newspaper when it was discovered that some Bell Telephone techs, at a central office somewhere, would tap into phone conversations and play them on a speaker. There was a huge deal made out of it, with the FBI and every other letter involved. The same is true if someone at the post office were to try and open your private letters.

Now, the internet is not regulated the same way but I'll ask again: who thinks Google or Intuit or Zoho or any like company will stay in business if it was known they pried into your personal data?
But once your data is compromised it is compromised forever. You can't hide behind excuses like "oh never mind, Google is now in everyone's evil thoughts". The fact is you have still lost your data, you can't get it back, it is out there.

We all take chances when we post mail. The post office already tells people not to post cash or valuables. The same with data, don't post anything valuable on public servers. But this seems to escape people, they don't realise that their data is actually valuable.
Post 23 Aug 2009, 01:40
View user's profile Send private message Visit poster's website Reply with quote
Azu



Joined: 16 Dec 2008
Posts: 1160
revolution wrote:
When you are being specifically targeted the attackers will probably find a way no matter what you do. The bigger problem is the data conglomeration. A large data-centre may indeed have better physical security than someone's house but that doesn't matter because what is being protected is worth a lot more than one person's single PC. What is being protected is (say) thousands or millions of people's data. The desire to break in (either physically or electronically) is going to be much greater. The reward for successfully penetrating the security is so much greater. Therefore there will be multiple attackers trying to get the data. Guards can be bribed, programmers can be bribed, guards can be immobilised, programmers can make mistakes, employees can be corrupt, etc. And because the rewards are higher then the attackers are more persistent and there will be more of them.

Nobody will be interested to steal revolution's data unless they know in advance that there is something useful to them. Too much effort for little or possibly no reward. But if revolution then uploads that data to a data-centre, then anyone that manages to break in (and it will happen, nothing it 100% safe) will find revolution's data (and everyone else's data) and see and/or sell whatever company/personal/business information that they want. There is no sense in revolution having data local AND on a remote server, that just makes two possible points of vulnerability.

Cloud computing encourages people to upload data in a unencrypted form, this is not just some data storage service where you load your encrypted backups, this is live active data that you work with on the remote server through a network connection. The CC company may promise that all data is stored encrypted but that means nothing really. They also have the keys stored there else how could they let you see your data. It is like putting your house key under the welcome mat and hoping no one notices.
I really doubt it would be possible, yet alone financially viable, to brute-force decrypt countless petabytes of unknown binary data when you don't even have any way to know which parts are encrypted with which algorithms..

Wouldn't it be more profitable and easier to crack, say, top secret government information (which we know is encrypted with either AES-196 or AES-256), and sell it to other governments?
Post 23 Aug 2009, 01:47
View user's profile Send private message Send e-mail AIM Address Yahoo Messenger MSN Messenger ICQ Number Reply with quote
Borsuc



Joined: 29 Dec 2005
Posts: 2468
Location: Bucharest, Romania
Azu wrote:
Governments, spouses, parents, siblings, burglars, etc could all just access your computer directly. If anything, the security in your home is probably less than in most major datacenters.
Not exactly mate. How can they get in my computer when I disabled all remote network access and a lot of "advanced network features" also (something which is unlikely to find in servers) -- that is, without a virus obviously. Also to get through the firewall.

For a public server, all they have to do is enter a password and username -- if they get lucky they can access the data.

Now where can they enter this password and username to access my computer? (without going into my house obviously!).

Azu wrote:
P.S. be sure to use a good encryption like Rijndael or Serpent.
I thought Blowfish was the standard as a good one, is it weak?


Let's be more practical. Sites are hacked. Even fasm was. My computer hasn't. Actually it can't, without a virus that is. I think I have much better security than a server, after all, you can get in a server with a virus, SQL injection for poor ones, a flaw in remote access, a password (maybe guess-work? but anyway it is a possibility on top of the others!), and did I mention a virus?

On the other hand, there is only one way to get into my computer: a virus.

So who has better security?

_________________
Previously known as The_Grey_Beast
Post 23 Aug 2009, 17:57
View user's profile Send private message Reply with quote
drhowarddrfine



Joined: 10 Jul 2007
Posts: 535
I read once that the NSA/CIA or someone like them has a listening device that could listen to the RF energy emitted by a computer and determine what was being done at the time. That's all I remember so if it is bunk then I think it's still a cool idea.
Post 23 Aug 2009, 19:13
View user's profile Send private message Reply with quote
Azu



Joined: 16 Dec 2008
Posts: 1160
Borsuc wrote:
Azu wrote:
Governments, spouses, parents, siblings, burglars, etc could all just access your computer directly. If anything, the security in your home is probably less than in most major datacenters.
Not exactly mate. How can they get in my computer
Physically. The same way they supposedly get to the datacenter computers. Except no troublesome guards or security cameras.

Borsuc wrote:
Azu wrote:
P.S. be sure to use a good encryption like Rijndael or Serpent.
I thought Blowfish was the standard as a good one, is it weak?
I thought Blowish evolved into Twofish?

Borsuc wrote:
Let's be more practical. Sites are hacked. Even fasm was. My computer hasn't. Actually it can't, without a virus that is. I think I have much better security than a server, after all, you can get in a server with a virus, SQL injection for poor ones, a flaw in remote access, a password (maybe guess-work? but anyway it is a possibility on top of the others!), and did I mention a virus?

On the other hand, there is only one way to get into my computer: a virus.

So who has better security?
I didn't know there were viruses in the wild that cryptanalyzed random chunks of binary, found out what they were encrypted with (Rijndael, Serpent, Twofish, whatever), and cracked them..

I'm also not sure what SQL injection has to do with this.

Nor am I sure why you assume that whatever protective measures the big datacenters will fail but yours won't.

Could you please explain?
Post 24 Aug 2009, 03:25
View user's profile Send private message Send e-mail AIM Address Yahoo Messenger MSN Messenger ICQ Number Reply with quote
Borsuc



Joined: 29 Dec 2005
Posts: 2468
Location: Bucharest, Romania
Azu wrote:
Physically. The same way they supposedly get to the datacenter computers. Except no troublesome guards or security cameras.
I was talking about non-physical access obviously.
With SQL injection you can get admin rights (if it's very poorly secured), so thus you get control over the server.

You can't do that to my computer though.

Azu wrote:
I didn't know there were viruses in the wild that cryptanalyzed random chunks of binary, found out what they were encrypted with (Rijndael, Serpent, Twofish, whatever), and cracked them..
Let me repeat this.
How do I, Borsuc, get access to my data uploaded on Google, for example?

huh? that's right, by entering a username & password, from any location on the Earth. I don't have to get in Google's office to access it!

what happens if someone, not a virus, guesses this password?

I'm not saying that they will, or that I choose weak passwords, but this form of breaking in does not exist on my home computer, therefore it has more security (unless you can name some other, non-physical weaknesses that only mine has, and the central database doesn't).

_________________
Previously known as The_Grey_Beast
Post 24 Aug 2009, 15:55
View user's profile Send private message Reply with quote
Azu



Joined: 16 Dec 2008
Posts: 1160
Borsuc wrote:
Azu wrote:
Physically. The same way they supposedly get to the datacenter computers. Except no troublesome guards or security cameras.
I was talking about non-physical access obviously.
With SQL injection you can get admin rights (if it's very poorly secured), so thus you get control over the server.

You can't do that to my computer though.
I was replying to someone complaining about physical security problems with datacenters, so if you are to refute my reply, you will need a refutation based on physical security, not "maybe there is a really bad bug in their software".

Borsuc wrote:
Azu wrote:
I didn't know there were viruses in the wild that cryptanalyzed random chunks of binary, found out what they were encrypted with (Rijndael, Serpent, Twofish, whatever), and cracked them..
Let me repeat this.
How do I, Borsuc, get access to my data uploaded on Google, for example?

huh? that's right, by entering a username & password, from any location on the Earth. I don't have to get in Google's office to access it!

what happens if someone, not a virus, guesses this password?

I'm not saying that they will, or that I choose weak passwords, but this form of breaking in does not exist on my home computer, therefore it has more security (unless you can name some other, non-physical weaknesses that only mine has, and the central database doesn't).
The username and password for your account should be different than the encryption key you encrypted your file(s) with. Problem solved.
Post 24 Aug 2009, 16:01
View user's profile Send private message Send e-mail AIM Address Yahoo Messenger MSN Messenger ICQ Number Reply with quote
kalambong



Joined: 08 Nov 2008
Posts: 165
Cloud computing will have its users

Most people in this world we live in don't care who is reading their data, stealing their ID and so on, those are the one Cloud Computing serves

As for those of us who do care about our own privacy, nope, I'll take care of my own data, thank you

But then, not all our data are under our own country --- like medical records, for instance --- that's where the argument is all about

Do we have the right over our own data out there?
Post 25 Aug 2009, 09:46
View user's profile Send private message Reply with quote
Azu



Joined: 16 Dec 2008
Posts: 1160
kalambong wrote:
Cloud computing will have its users

Most people in this world we live in don't care who is reading their data, stealing their ID and so on, those are the one Cloud Computing serves

As for those of us who do care about our own privacy, nope, I'll take care of my own data, thank you

But then, not all our data are under our own country --- like medical records, for instance --- that's where the argument is all about

Do we have the right over our own data out there?
I somehow doubt the people who have no problem cracking AES-256 will have any problem breaking into your house, killing you, and taking your computer.
Post 26 Aug 2009, 00:28
View user's profile Send private message Send e-mail AIM Address Yahoo Messenger MSN Messenger ICQ Number Reply with quote
Borsuc



Joined: 29 Dec 2005
Posts: 2468
Location: Bucharest, Romania
Except that cracking encryption makes them anonymous and you wouldn't even KNOW if they did it.

_________________
Previously known as The_Grey_Beast
Post 26 Aug 2009, 00:51
View user's profile Send private message Reply with quote
Azu



Joined: 16 Dec 2008
Posts: 1160
Some uber government facility with technology you could never have even dreamed of.. what more do you need to know? I'm pretty sure once you're being specifically targeted by that, you're already done for.
Post 26 Aug 2009, 00:53
View user's profile Send private message Send e-mail AIM Address Yahoo Messenger MSN Messenger ICQ Number Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 16578
Location: Earth 2.0 beta
This time it appears to be human error. But this is just one of the things that can affect access to your data if you store them online.

Google blames Gmail outage on server maintenance
"We know how many people rely on Gmail for personal and professional communications, and we take it very seriously when there's a problem with the service," Ben Treynor, Google's "Site Reliability Czar," said in a blog post.

...

The hour-long outage affected Web surfers not only in the United States but in other countries and numerous other services including Google Reader, Google Maps, Google Analytics and video-sharing site YouTube.
Post 02 Sep 2009, 18:36
View user's profile Send private message Visit poster's website Reply with quote
rugxulo



Joined: 09 Aug 2005
Posts: 2335
Location: Usono (aka, USA)
While I did notice a blip in Gmail yesterday, it's back to normal today. Honestly, an "hour-long outage" is hardly cause for alarm. Besides, it's free, so it's pretty hard to complain. (And don't they have some way to download your mail to read offline? I think so.)
Post 02 Sep 2009, 18:41
View user's profile Send private message Visit poster's website Reply with quote
Azu



Joined: 16 Dec 2008
Posts: 1160
They do.

And their uptime is better than my power company (which costs money, is much more important, and is the only one available to me). That says something very bad about the U.S. power grid, or very good about Google. Possibly both. Confused


Last edited by Azu on 02 Sep 2009, 20:18; edited 1 time in total
Post 02 Sep 2009, 18:54
View user's profile Send private message Send e-mail AIM Address Yahoo Messenger MSN Messenger ICQ Number Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page Previous  1, 2, 3, 4, 5, 6, 7, 8, 9  Next

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Copyright © 1999-2019, Tomasz Grysztar.

Powered by rwasa.