Comments on news posted 2012-08-17 12:38:00: An e-mail being sent to Time Warner Cable customers informs them that the company's Road Runner Safe Storage service may not be quite so safe. ..


Alex J
@ecatel.net

Alex J

Anon

Good Thing...

Good thing that meager 500 MB offering is so pathetic in the age of new cloud storage options nobody was probably using it.

jjoshua
Premium Member
join:2001-06-01
Scotch Plains, NJ

jjoshua

Premium Member

When will they learn...

You must never store passwords.

jmn1207
Premium Member
join:2000-07-19
Sterling, VA

jmn1207

Premium Member

I've been using LastPass for my password control to add an additional layer of security.

Kilroy
MVM
join:2002-11-21
Saint Paul, MN

1 recommendation

Kilroy

MVM

Nothing like giving up the keys to the kingdom

said by Letter :
The database that was accessed contained information you would have entered when you first created your account, including your name, e-mail address, user ID and password, your hint question/answer, and if you ever purchased more storage, possibly your billing address.
In short we were not practicing good security by storing your user name and password in clear text instead of salted and hashed. These days it doesn't matter how good your password is, if fools like this give it away.
b10010011
Whats a Posting tag?
join:2004-09-07
united state

1 recommendation

b10010011

Member

Another example why "The Cloud" is a bad idea.

Even worse a local accounting firm that fell hook line and sinker for cloud services was crippled for three days when Amazon's cloud went down.

They learned their lesson the hard way and have since abandoned all cloud-based services.
BosstonesOwn
join:2002-12-15
Wakefield, MA

BosstonesOwn

Member

Come on !

You all missed the obvious ! Safe Storage was not so safe !

Well at least with 500 megs we can say it really wasn't much for them to lose

koitsu
MVM
join:2002-07-16
Mountain View, CA
Humax BGW320-500

koitsu to b10010011

MVM

to b10010011

Re: Another example why "The Cloud" is a bad idea.

said by b10010011:

Another example of why "The Cloud" is a bad idea.

This this this! In Slashdot terms: mod parent up.

Users should always have full ownership (thus full control) of their data, not some random online entity. This is why I advocate people do their own backups to media they themselves own and have physical control over.

That said, I should note I do not have a problem with services like rsync.net because the overall demographic is different and they're less of a "black box" than these weird online "cloud" or "cloud-esque" providers -- but I still would not use them for data which I consider extremely important or mission-critical.

Dominokat
"Hi"
Premium Member
join:2002-08-06
Boothbay, ME

Dominokat

Premium Member

I didn't even know

... this existed on Time Warner.
Not that I'd use it anyway. I don't trust "cloud" based systems.
etaadmin
join:2002-01-17
united state

etaadmin to BosstonesOwn

Member

to BosstonesOwn

Re: Come on !

said by BosstonesOwn:

You all missed the obvious ! Safe Storage was not so safe !

Well at least with 500 megs we can say it really wasn't much for them to lose

The way I understand it, the use of 'safe' within this context is to provide data resiliency, not data security; who cares if some hacker got hold of your grandmother's Christmas pictures?

But you are right this should have never happened and passwords should have been salted, hashed and placed in a different server.
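
An added example, not part of any post in this thread: the salted-and-hashed storage that Kilroy's and etaadmin's posts say should have been used, next to the clear-text rows the letter describes. The account names, field names, sample values and the PBKDF2 iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune for your hardware

def protect(secret: str, iterations: int = ITERATIONS) -> dict:
    """Return the stored form of a secret: per-record salt, work factor, derived key."""
    salt = secrets.token_bytes(16)  # fresh random salt for every record
    dk = hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, iterations)
    return {"alg": "pbkdf2-sha256", "iter": iterations, "salt": salt.hex(), "hash": dk.hex()}

def check(record: dict, attempt: str) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    dk = hashlib.pbkdf2_hmac("sha256", attempt.encode("utf-8"),
                             bytes.fromhex(record["salt"]), record["iter"])
    return hmac.compare_digest(dk, bytes.fromhex(record["hash"]))

def enroll(user_id: str, password: str, hint_answer: str) -> dict:
    """Account row with no recoverable secrets in it."""
    # Hint answers are low-entropy, so hashing only stops verbatim disclosure.
    return {"user_id": user_id, "password": protect(password),
            "hint_answer": protect(hint_answer.strip().lower())}

def dump_exposes(rows: list, secret: str) -> bool:
    """True if a copy of the table hands over `secret` verbatim."""
    return any(secret in repr(row) for row in rows)

# Constructed sample data: two accounts that happen to share a password.
CLEARTEXT_ROWS = [
    {"user_id": "alice", "password": "Tr0ub4dor&3", "hint_answer": "Rex"},
    {"user_id": "bob", "password": "Tr0ub4dor&3", "hint_answer": "Paris"},
]
HASHED_ROWS = [enroll(r["user_id"], r["password"], r["hint_answer"]) for r in CLEARTEXT_ROWS]

if __name__ == "__main__":
    print("clear-text dump exposes password:", dump_exposes(CLEARTEXT_ROWS, "Tr0ub4dor&3"))
    print("hashed dump exposes password:   ", dump_exposes(HASHED_ROWS, "Tr0ub4dor&3"))
    a, b = (row["password"] for row in HASHED_ROWS)
    print("same password, same stored hash:", a["hash"] == b["hash"])
    print("login with right password:", check(a, "Tr0ub4dor&3"))
    print("login with wrong password:", check(a, "letmein"))
```

Because each record carries its own salt, the two accounts sharing a password end up with different stored hashes, so a copied table does not even reveal which users reuse the same password.
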
etaadmin

etaadmin to Dominokat

Member

to Dominokat

Re: I didn't even know

said by Dominokat:

... this existed on Time Warner.
Not that I'd use it anyway. I don't trust "cloud" based systems.

Correct, who in their right mind uses 'cloud' services to store security-sensitive information? It is just a magnet for hackers, criminals and state-sponsored spying.

MxxCon
join:1999-11-19
Brooklyn, NY
ARRIS TM822
Actiontec MI424WR Rev. I

MxxCon to b10010011

Member

to b10010011

Re: Another example why "The Cloud" is a bad idea.

said by b10010011:

Even worse a local accounting firm that fell hook line and sinker for cloud services was crippled for three days when Amazon's cloud went down.

They learned their lesson the hard way and have since abandoned all cloud-based services.

"Amazon's cloud went down" is an ignorant and blatant lie.
Amazon Web Services has more than 30 different and separate services. I can guarantee on the life of your children and parents that the whole Amazon "cloud" DID NOT go down.

Amazon Web Services provides all the tools necessary to create a highly available, redundant and secure infrastructure that can continue to function if there's an outage in a specific datacenter, availability zone, geographic region or a continent.

If somebody is using AWS and they experienced an outage, it's their own damn fault for not following best practices in creating a reliable and redundant setup.

If some idiot jumped from a plane with a single parachute, no backup and died, do you blame the whole skydiving industry for the actions of that idiot even though everybody told him to pack a backup?
MxxCon

MxxCon to BosstonesOwn

Member

to BosstonesOwn

Re: Come on !

said by BosstonesOwn:

You all missed the obvious ! Safe Storage was not so safe !

Sure it is safe. Your data is still in that safe, banker just lost the keys to it.
MxxCon

MxxCon to etaadmin

Member

to etaadmin

Re: I didn't even know

said by etaadmin:

said by Dominokat:

... this existed on Time Warner.
Not that I'd use it anyway. I don't trust "cloud" based systems.

Correct, who in their right mind uses 'cloud' services to store security-sensitive information? It is just a magnet for hackers, criminals and state-sponsored spying.

Ignorant much?
I guess you don't know that many insurance and financial institutions store their documents using "cloud" services.

It is extremely ignorant of you to condemn the whole industry because some idiots do not know the basics of security.

Do you even know what this "cloud" means? Doesn't seem like it.

koitsu
MVM
join:2002-07-16
Mountain View, CA
Humax BGW320-500

koitsu to MxxCon

MVM

to MxxCon

Re: Another example why "The Cloud" is a bad idea.

MxxCon, I am in full agreement that the likelihood of a highly diversified cloud service (like AWS) going completely offline -- that is to say, EVERY geographic region going down -- is pretty unlikely.

However, there have been a few documented cases of entire AWS geographic regions going down:

* 2012/03/15 -- EC2 east region -- reference
* 2012/03/26 -- Amazon EC2 -- reference

I haven't seen anything on the outages mailing list (I'm subscribed) about AWS issues since then. I'd have to check NANOG as well to see if there were reports there too.

RedCaliSS
Premium Member
join:2004-08-21
Murrieta, CA

RedCaliSS to etaadmin

Premium Member

to etaadmin

Old Old School

ahh hell I'm old, and believe in old school practices.. I even have Tape Drives to backup my backups.. and LTO Ultrium 5 drives ain't cheap but in instances like this, I'm glad I popped for one in my personal 8 TB NAS I created. I do NOT trust the "cloud". never have never will. 50+ years of stuff now digitized, stored and backed up.

Long Live the Commodore 64!!!
etaadmin
join:2002-01-17
united state

1 recommendation

etaadmin to MxxCon

Member

to MxxCon

Re: I didn't even know

said by MxxCon:

Ignorant much?
I guess you don't know that many insurance and financial institutions store their documents using "cloud" services.

Dumb me... of course "many insurance and financial institutions store their documents using "cloud" services" I feel so much safer now.

Thanks!... wait I'm talking to a Gorilla.

OSUGoose
join:2007-12-27
Columbus, OH

OSUGoose

Member

Hold On!

You guys fell for that email? TWC/Insight said it was fake and to delete it.

AnonMe
@comcastbusiness.net

AnonMe to MxxCon

Anon

to MxxCon

Re: Another example why "The Cloud" is a bad idea.

If you were one of those Amazon customers in the unfortunate geographic region who couldn't access any of your data, from your perspective, "The Amazon Cloud was down."

MxxCon
join:1999-11-19
Brooklyn, NY
ARRIS TM822
Actiontec MI424WR Rev. I

MxxCon to koitsu

Member

to koitsu
Yes, a region can go down, but again, AWS offers people all the tools necessary to create an infra that can survive a region failure. If they did not implement it and such an outage was unacceptable to them, it's their own fault.

And I doubt that "a local accounting firm" would be using a bare-bones EC2 anyway. It would be either S3 or some seller.
If it's a seller that had 3 day long outage, then again, don't blame Amazon or "cloud" for actions of one incompetent company!

skeechan
Ai Otsukaholic
Premium Member
join:2012-01-26
AA169|170

1 edit

skeechan to MxxCon

Premium Member

to MxxCon

Re: I didn't even know

So what, just because financial institutions use cloud storage doesn't make it safe.

Fact is you never know which idiots are running which services. Smart today, idiot tomorrow.
b10010011
Whats a Posting tag?
join:2004-09-07
united state

b10010011 to MxxCon

Member

to MxxCon

Re: Another example why "The Cloud" is a bad idea.

said by MxxCon:

"Amazon's cloud went down" is an ignorant and blatant lie.

Whatever...

The cloud service they were purchasing from Amazon was unavailable for three days.

Call it what you will, but from this business's perspective Amazon's cloud was down.

MxxCon
join:1999-11-19
Brooklyn, NY
ARRIS TM822
Actiontec MI424WR Rev. I

MxxCon to AnonMe

Member

to AnonMe
said by AnonMe :

If you were one of those Amazon customers in the unfortunate geographic region who couldn't access any of your data, from your perspective, "The Amazon Cloud was down."

Actually, I was one of those customers that got affected by east coast outage. We were not down because we had infra setup on the west coast and in Singapore. And "amazon cloud" was not down. Only a specific service was, EC2 and EBS.
MxxCon

MxxCon to skeechan

Member

to skeechan

Re: I didn't even know

If you implement redundant TNO, any service is good.

cork1958
Cork
Premium Member
join:2000-02-26

cork1958 to jjoshua

Premium Member

to jjoshua

Re: When will they learn...

said by jjoshua:

You must never store passwords.

Stored passwords?

Never done such a thing. Not that much of a lame brain to count on some outside/third party thing to do that for me. I know how to all by myself.

Exactly why I'll never use cloud crap for anything remotely useful!

skeechan
Ai Otsukaholic
Premium Member
join:2012-01-26
AA169|170

1 edit

skeechan to MxxCon

Premium Member

to MxxCon

Re: I didn't even know

said by MxxCon:

If you implement redundant TNO, any service is good.

Not necessarily. Let's look at consumer grade cloud services. At Dropbox you had an update pushed that turned off proper authentication requirements. The service was still up for everyone, but unfortunately ANY PASSWORD got you into an account. Everyone's account was exposed. I would consider that a bit problematic.

Redundancy doesn't protect the contents of your data from anything other than loss. That is no solace when it comes to sensitive or semi-sensitive data. And it is not always convenient to encrypt everything prior to upload to a cloud service (eg an app tied to service doesn't support encryption before upload). Having to do so can defeat the convenience or even purpose of having the service.

MxxCon
join:1999-11-19
Brooklyn, NY
ARRIS TM822
Actiontec MI424WR Rev. I

1 recommendation

MxxCon

Member

You are confusing a few different concepts here.
TNO is short for "trust no one", a security concept where you yourself make sure that the data is encrypted and you control all the encryption and decryption mechanisms. EncFS and BoxCryptor are such examples. TrueCrypt is another one.
Yes, I agree with you that Dropbox has a horrible security track record. I personally don't use it, will not use it and will strongly encourage everybody not to use it.
You are also mixing up storage with synchronization services. But even if you use dropbox, you can use the above listed products to make sure that your files are secure.

AnonFTW
@rr.com

AnonFTW to koitsu

Anon

to koitsu

Re: Another example why "The Cloud" is a bad idea.

Any engineer worth his salt who is hosting with AWS would set up redundancy in two, very geographically redundant, regions.

The fact several high profile sites didn't and went down along with a single AWS region just proves they should invest more money into infrastructure talent.

There is nothing wrong with "the cloud" as long as your provider is half-way competent.

Disclaimer: I am a SaaS cloud engineer. We don't host with AWS and we have geographic redundancy via BGP.
AnonFTW

AnonFTW to skeechan

Anon

to skeechan

Re: I didn't even know

Funnily enough, Dropbox is hosted with AWS.

michieru
Premium Member
join:2009-07-25
Denver, CO

michieru to jmn1207

Premium Member

to jmn1207

Re: When will they learn...

»threatpost.com/en_us/blo ··· h-050511

I was interested in LastPass till I read this, and after that one article it was enough to convince me not to store any such data online, period. It's an inconvenience but better than changing over 50 logins.

skeechan
Ai Otsukaholic
Premium Member
join:2012-01-26
AA169|170

2 edits

skeechan to MxxCon

Premium Member

to MxxCon

Re: I didn't even know

As I have already stated, it is not always convenient to encrypt everything prior to upload. In my case files need to be accessible cross platform (including Android and iOS). That is proving to be quite a hurdle.

The 2nd and bigger one for me is the container itself. In a cloud sync application (like Dropbox) changing anything within the container means resyncing the entire container. If your container is even moderately large, say 100-200MB and upload speed slow, you are screwed. And for me, I would need a very large container and would be adding records quite frequently making something like Truecrypt+Dropbox a non-starter.