|
Alex J
Anon
2012-Aug-17 12:43 pm
Good Thing...Good thing that meager 500 MB offering is so pathetic in the age of new cloud storage options nobody was probably using it. |
|
jjoshua Premium Member join:2001-06-01 Scotch Plains, NJ |
jjoshua
Premium Member
2012-Aug-17 12:43 pm
When will they learn...You must never store passwords. |
|
jmn1207 Premium Member join:2000-07-19 Sterling, VA |
jmn1207
Premium Member
2012-Aug-17 12:51 pm
I've been using LastPass for my password control to add an additional layer of security. |
|
Kilroy MVM join:2002-11-21 Saint Paul, MN
1 recommendation |
Kilroy
MVM
2012-Aug-17 1:02 pm
Nothing like giving up the keys to the kingdomsaid by Letter : The database that was accessed contained information you would have entered when you first created your account, including your name, e-mail address, user ID and password, your hint question/answer, and if you ever purchased more storage, possibly your billing address.
In short we were not practicing good security by storing your user name and password in clear text instead of salted and hashed. These days it doesn't matter how good your password is, if fools like this give it away. |
|
b10010011Whats a Posting tag? join:2004-09-07 united state
1 recommendation |
Another example why "The Cloud" is a bad idea.Even worse a local accounting firm that fell hook line and sinker for cloud services was crippled for three days when Amazon's cloud went down.
They learned their lesson the hard way and have since abandoned all could based services. |
|
|
Come on !You all missed the obvious ! Safe Storage was not so safe ! Well at least with 500 megs we can say it really wasn't much for them to lose |
|
koitsu MVM join:2002-07-16 Mountain View, CA Humax BGW320-500
|
to b10010011
Re: Another example why "The Cloud" is a bad idea.said by b10010011:Another example of why "The Cloud" is a bad idea. This this this! In Slashdot terms: mod parent up. Users should always have full ownership (thus full control) of their data, not some random online entity. This is why I advocate people do their own backups to media they themselves own and have physical control over. That said, I should note I do not have a problem with services like rsync.net because the overall demographic is different and they're less of a "black box" than these weird online "cloud" or "cloud-esque" providers -- but I still would not use them for data which I consider extremely important or mission-critical. |
|
Dominokat"Hi" Premium Member join:2002-08-06 Boothbay, ME |
I didn't even know... this existed on Time Warner. Not that I'd use it anyway. I don't trust "cloud" based systems. |
|
|
to BosstonesOwn
Re: Come on !said by BosstonesOwn:You all missed the obvious ! Safe Storage was not so safe !
Well at least with 500 megs we can say it really wasn't much for them to lose The way I understand it the use of 'safe' within this context is to provide data resiliency not data security, who cares is some hacker got hold of your Grandmother's Christmas pictures. But you are right this should have never happened and passwords should have been salted, hashed and placed in a different server. |
|
|
etaadmin |
to Dominokat
Re: I didn't even knowsaid by Dominokat:... this existed on Time Warner. Not that I'd use it anyway. I don't trust "cloud" based systems. Correct, who in their right mind use 'cloud' services to store security sensitive information it is just a magnet for hackers, criminals and state sponsored spying. |
|
|
MxxCon join:1999-11-19 Brooklyn, NY ARRIS TM822 Actiontec MI424WR Rev. I
|
to b10010011
Re: Another example why "The Cloud" is a bad idea.said by b10010011:Even worse a local accounting firm that fell hook line and sinker for cloud services was crippled for three days when Amazon's cloud went down.
They learned their lesson the hard way and have since abandoned all could based services. "Amazon's cloud went down" is an ignorant and blatant lie. Amazon Web Services has more than 30 different and separate services. I can guarantee on the life of your children and parents that the whole Amazon "cloud" DID NOT go down. Amazon Web Services provides all the tools necessary to create a highly available, redundant and secure infrastructure that can continue to function if there's an outage in a specific datacenter, availability zone, geographic region or a continent. If somebody is using AWS and they experienced an outage, it's their own damm fault for not following best-practices in creating a reliable and redundant setup. If some idiot jumped from a plane with a single parachute, no backup and died, do you blame the whole skydiving industry for the actions of that idiot even though everybody told him to pack a backup? |
|
MxxCon |
to BosstonesOwn
Re: Come on !said by BosstonesOwn:You all missed the obvious ! Safe Storage was not so safe ! Sure it is safe. Your data is still in that safe, banker just lost the keys to it. |
|
MxxCon |
to etaadmin
Re: I didn't even knowsaid by etaadmin:said by Dominokat:... this existed on Time Warner. Not that I'd use it anyway. I don't trust "cloud" based systems. Correct, who in their right mind use 'cloud' services to store security sensitive information it is just a magnet for hackers, criminals and state sponsored spying. Ignorant much? I guess you don't know that many insurance and financial institutions store their documents using "cloud" services. It is extremely ignorant of you to condemn the whole industry because some idiots do not know the basics of security. Do you even what is this "cloud" means? Doesn't seem like it. |
|
koitsu MVM join:2002-07-16 Mountain View, CA Humax BGW320-500
|
to MxxCon
Re: Another example why "The Cloud" is a bad idea.MxxCon , I am in full agreement that the likelihood of a highly diversified cloud service (like AWS) going completely offline -- that is to say, EVERY geographic region going down -- is pretty unlikely. However, there have been a few documented cases of entire AWS geographic regions going down: * 2012/03/15 -- EC2 east region -- reference* 2012/03/26 -- Amazon EC2 -- referenceI haven't seen anything on the outages mailing list (I'm subscribed) about AWS issues since then. I'd have to check NANOG as well to see if there were reports there too. |
|
RedCaliSS Premium Member join:2004-08-21 Murrieta, CA |
to etaadmin
Old Old Schoolahh hell I'm old, and believe in old school practices.. I even have Tape Drives to backup my backups.. and LTO Ultrium 5 drives ain't cheap but in instances like this, I'm glad I popped for one in my personal 8 TB NAS I created. I do NOT trust the "cloud". never have never will. 50+ years of stuff now digitized, stored and backed up.
Long Live the Commodore 64!!! |
|
1 recommendation |
to MxxCon
Re: I didn't even knowsaid by MxxCon:Ignorant much? I guess you don't know that many insurance and financial institutions store their documents using "cloud" services. Dumb me... of course "many insurance and financial institutions store their documents using "cloud" services" I feel so much safer now. Thanks!... wait I'm talking to a Gorilla. |
|
|
Hold On!You guys fell for that email? TWC/Insight said it was fake and to delete it. |
|
|
AnonMe to MxxCon
Anon
2012-Aug-17 3:04 pm
to MxxCon
Re: Another example why "The Cloud" is a bad idea.If you were one of those Amazon customer's in the unfortunate geographic region who couldn't access any of your data, from your propective, "The Amazon Cloud was down." |
|
MxxCon join:1999-11-19 Brooklyn, NY ARRIS TM822 Actiontec MI424WR Rev. I
|
to koitsu
Yes, a region can go down, but again, AWS offers people all the tools necessary to create an infra that can survive a region failure. If they did not implement and such an outage was unacceptable to them, its their own fault.
And I doubt that "a local accounting firm" would be using a bare-bones EC2 anyway. It would be either S3 or some seller. If it's a seller that had 3 day long outage, then again, don't blame Amazon or "cloud" for actions of one incompetent company! |
|
skeechanAi Otsukaholic Premium Member join:2012-01-26 AA169|170 1 edit |
to MxxCon
Re: I didn't even knowSo what, just because financial institutions use cloud storage doesn't make it safe.
Fact is you never know which idiots are running which services. Smart today, idiot tomorrow. |
|
b10010011Whats a Posting tag? join:2004-09-07 united state |
to MxxCon
Re: Another example why "The Cloud" is a bad idea.said by MxxCon:"Amazon's cloud went down" is an ignorant and blatant lie. Whatever... The cloud service they were purchasing from Amazon was unavailable for three days. Call it what you will but from this businesses perspective Amazon's cloud was down. |
|
MxxCon join:1999-11-19 Brooklyn, NY ARRIS TM822 Actiontec MI424WR Rev. I
|
to AnonMe
said by AnonMe :If you were one of those Amazon customer's in the unfortunate geographic region who couldn't access any of your data, from your propective, "The Amazon Cloud was down." Actually, I was one of those customers that got affected by east coast outage. We were not down because we had infra setup on the west coast and in Singapore. And "amazon cloud" was not down. Only a specific service was, EC2 and EBS. |
|
MxxCon |
to skeechan
Re: I didn't even knowIf you implement redundant TNO, any service is good. |
|
cork1958Cork Premium Member join:2000-02-26 |
to jjoshua
Re: When will they learn...said by jjoshua:You must never store passwords. Stored passwords? Never done such a thing. Not that much of a lame brain to count on some outside/third party thing to do that for me. I know how to all by myself. Exactly why I'll never use cloud crap for anything remotely useful! |
|
skeechanAi Otsukaholic Premium Member join:2012-01-26 AA169|170 1 edit |
to MxxCon
Re: I didn't even knowsaid by MxxCon:If you implement redundant TNO, any service is good. Not necessarily. Let's look at consumer grade cloud services. At Dropbox you had an update pushed that turned off proper authentication requirements. The service was still up for everyone, but unfortunately ANY PASSWORD got you into an account. Everyone's account was exposed. I would consider that a bit problematic. Redundancy doesn't protect the contents of your data from anything other than loss. That is no solace when it comes to sensitive or semi-sensitive data. And it is not always convenient to encrypt everything prior to upload to a cloud service (eg an app tied to service doesn't support encryption before upload). Having to do so can defeat the convenience or even purpose of having the service. |
|
MxxCon join:1999-11-19 Brooklyn, NY ARRIS TM822 Actiontec MI424WR Rev. I
1 recommendation |
MxxCon
Member
2012-Aug-18 12:24 am
You are confusing a few different concepts here. TNO is short of "trust no one", a security concept where you, yourself make sure that the data is encrypted and you control all the encryption and decryption mechanisms. EncFS and BoxCryptor are such examples. TrueCrypt is another one. Yes, I agree with you that Dropbox has horrible security track record. I personally don't use, will not use it and will strongly encourage everybody not to use it. You are also mixing up storage with synchronization services. But even if you use dropbox, you can use the above listed products to make sure that your files are secure. |
|
|
AnonFTW to koitsu
Anon
2012-Aug-18 7:50 am
to koitsu
Re: Another example why "The Cloud" is a bad idea.Any engineer worth his salt who is hosting with AWS would set up redundancy in two, very geographically redundant, regions.
The fact several high profile sites didn't and went down along with a single AWS region just proves they should invest more money into infrastructure talent.
There is nothing wrong with "the cloud" as long as your provider is half-way competent.
Disclaimer: I am a SaaS cloud engineer. We don't host with AWS and we have geographic redundancy via BGP. |
|
AnonFTW |
AnonFTW to skeechan
Anon
2012-Aug-18 7:53 am
to skeechan
Re: I didn't even knowFunnily enough, Dropbox is hosted with AWS. |
|
michieru Premium Member join:2009-07-25 Denver, CO |
to jmn1207
Re: When will they learn...» threatpost.com/en_us/blo ··· h-050511I was interested in LastPass till I read this, and after that one article it was enough to convince me not to store any such data online period. It's a inconvenience but better than changing over 50 logins. |
|
skeechanAi Otsukaholic Premium Member join:2012-01-26 AA169|170 2 edits |
to MxxCon
Re: I didn't even knowAs I have already stated, it is not always convenient to encrypt everything prior to upload. In my case files need to be accessible cross platform (including Android and iOS). That is proving to be quite a hurdle.
The 2nd and bigger one for me is the container itself. In a cloud sync application (like Dropbox) changing anything within the container means resyncing the entire container. If your container is even moderately large, say 100-200MB and upload speed slow, you are screwed. And for me, I would need a very large container and would be adding records quite frequently making something like Truecrypt+Dropbox a non-starter. |
|