please help me about cloud

[arifuddin]

hi everyone.

i'm arifuddin from indonesia

i want to ask you about cloud, what makes the cloud is not safe ?
please tell me about that.

 

thanks

[Nick H. Supervisor]

2 minutes ago, arifuddin said:

i want to ask you about cloud, what makes the cloud is not safe ?

<Moved to Virtualization and Cloud Services forum>

[kachan64]

Cloud is not safe because if government request access, the company that runs the site can give back door access.

Another thing is that hackers can do stuff on your account, if your account was accessed by someone else.

Lawsuit can also gain access to your cloud drive.

But there could be more

[sc302 Veteran]

The issue with the cloud is that at any given time any one could access your information without your knowledge or consent.  The owners of the "cloud" can get into your data, they can copy your data, and they have access to any records as well as the ability to delete those records that have to do with your site and site access (if they were to go into your site, they would have the ability to purge the logs).  The only thing protecting your data between you and the provider is a piece of paper that says you are protected...if you are good with that then by all means the cloud is safe....if you would sign a similar piece of paper with a random person on the street regarding your bank account and money giving them all of your account information as well as your credentials to be able to withdraw your money at any given time they choose the cloud is a perfect solution for you. 

 

Now while you may trust microsoft or apple or whomever with your data, understand that their datacenters are constantly under attack (large well known foot print) and at some point they will become compromised.  They also have ways to get into your data even if it is encrypted.  While they "need your permission" to access the files...what makes you think that they can't access your files without your permission?  They hold the keys to get into your file in the first place, which means viewing it unencrypted.  If they can view it unencrypted, what makes you think that they can't access it when they want to?  If they can access it when they want to, what makes you think they won't?  A piece of paper agreeing that they won't?  Really, are you willing to put your life earnings based on a single piece of paper that states that they promise they won't do it?  Give me all of your bank account information and credit card information, I promise I won't use it for personal gain and we won't give access to just anyone<--would you trust anyone with a statement like that?  Why would you trust cloud providers who basically say the same statement (although better worded by their legal departments). 

[adrynalyne]

2 hours ago, kachan64 said:

Cloud is not safe because if government request access, the company that runs the site can give back door access.

Another thing is that hackers can do stuff on your account, if your account was accessed by someone else.

Lawsuit can also gain access to your cloud drive.

But there could be more

All of that can affect local storage too. The difference is a search warrant and a knock on your door. Hackers are far more likely to get through your own defenses than a cloud provider. 

[sc302 Veteran]

8 minutes ago, adrynalyne said:

All of that can affect local storage too. The difference is a search warrant and a knock on your door. Hackers are far more likely to get through your own defenses than a cloud provider. 

Not necessarily...how exactly was the icloud hacked? (large cloud provider that is constantly being attacked and hacked).   You may not hear about different providers being hacked unless it is massive. 

 

You also have to really have a good network (the same of a cloud) as well as IP's that do not correlate with your public ips (like mail and what not) while keeping your known public away from your unknown public (like vpn, ssh, etc).  Mail should be on its own somewhere that is no where close to your other ips/network.  It is easy to hack a company that has their mail on the same subnet as their vpn or rdp.    To bad you cant falsify your information with your isp so that they have your ip registered with joes crab shack (not necessarily falsifying it with your isp but paying them to falsify the registry of who your ip is registered with). 

[adrynalyne]

8 minutes ago, sc302 said:

Not necessarily...how exactly was the icloud hacked? (large cloud provider that is constantly being attacked and hacked).   You may not hear about different providers being hacked unless it is massive. 

 

You also have to really have a good network (the same of a cloud) as well as IP's that do not correlate with your public ips (like mail and what not) while keeping your known public away from your unknown public (like vpn, ssh, etc).  Mail should be on its own somewhere that is no where close to your other ips/network.  It is easy to hack a company that has their mail on the same subnet as their vpn or rdp.    To bad you cant falsify your information with your isp so that they have your ip registered with joes crab shack (not necessarily falsifying it with your isp but paying them to falsify the registry of who your ip is registered with). 

Obviously it depends on the company, but I refuse to believe that most consumers use enterprise grade security, yet they talk about how cloud is insecure.

 

I'd say they are no more insecure than themselves, barring shady companies of course.

 

How do you think a typical consumer would fare against the attacks a cloud provider falters with?

 

 

[+John. Subscriber¹]

10 minutes ago, sc302 said:

Not necessarily...how exactly was the icloud hacked? (large cloud provider that is constantly being attacked and hacked).   You may not hear about different providers being hacked unless it is massive. 

 

You also have to really have a good network (the same of a cloud) as well as IP's that do not correlate with your public ips (like mail and what not) while keeping your known public away from your unknown public (like vpn, ssh, etc).  Mail should be on its own somewhere that is no where close to your other ips/network.  It is easy to hack a company that has their mail on the same subnet as their vpn or rdp.    To bad you cant falsify your information with your isp so that they have your ip registered with joes crab shack (not necessarily falsifying it with your isp but paying them to falsify the registry of who your ip is registered with). 

Just to clear things up with iCloud, it wasn't hacked. The celebrities were. Nothing about the service was compromised, the hackers exploited the celebrities by tricking them into showing/resetting their password. 

 

Phishing is different to Hacking. 

 

 

Regarding the cloud, what most people are saying here is true for any data on any system.

 

The difference with the cloud is that your files could be anywhere in the world at any time. 

 

Say that you have an account with an Indonesian company, you expect the data to be protected by Indonesian law. Unfortunately, your data could be on American servers, meaning it's actually subject to American law.

 

The cloud is generally safe, as your data bounces around numerous sites and servers in order to best get to you, but it's always good to check where any company server farms actually are. 

[sc302 Veteran]

Home users wouldn't,  however they are a moving target.   A cloud provider isn't.  You will never know when a computer is off, on,  attached to any specific ip on a home/dhcp connection. 

 

Cloud providers don't have the anonymity that home users have. You know if you break into a cloud provider there is a good chance of hitting gold. If you break into a home network there is a good chance of kitty videos. 

[+John Teacake MVC]

I've always thought as the Cloud as a race to the bottom. Ever demanding increase, Drives prices to rock bottom because everyone wants a slice of the pie. Cost Cutting to increase profit, Corner Cutting means one little mistake then bad things happen. I have always thought of the scenario of some day your data is sat on some servers in a tin pot republic and they walk in and take all the servers away? What then? 

[+BudMan MVC]

"what makes the cloud is not safe ?"

 

Not safe for who exactly?  Not too worried about the NSA watching my kitty videos..

 

Everyone has the right to privacy depending on what country you live in But come on are you worried about the mailman reading your postcard you send your bud while on trip?  What exactly are you storing in the could that would be of concern if the nsa or someone else saw it.  Now while you might not want it sitting on a anonymous ftp server open to the planet..  Fairly sure your files in the cloud are not being read by every dick tom and harry that works for the cloud provider, nor is the NSA too concerned with your kids bday party video, etc..

 

Now should company X store all their personnel/financial  files there without some safeguards like encryption before storing?  Most likely not..

 

Users send 1000's of emails every nanosecond across the globe, not encrypted, text messages by the bajillion an hour - not encrypted.. But your worried about amazon that is storing your recipe for beer nuggets having access to your recipe??

 

Lets put things in perspective here people, not all your info needs to be encrypted with 1024 bit triple AES that you need a launch code of a password to get too.. I love how people complain about privacy yet everyone gives company C their full info and list of everything they buy and when with their loyalty cards so they can get 5$ in credit when they spend 100...  But storing your resume that you freely hand out to anyone that might offer you a job needs to be encrypted to be stored with some cloud provider... Really???

 

How do you pay for your stuff, are you a cash only person?  If not Visa sure and the F knows everywhere you go and when and how much you spend and on what..  You think the NSA doesn't have access to this info?  But your really worried about those cat videos you have on the cloud?

 

Do you wear a mask to hide from the security cameras every time you buy some condoms at the local stop and shop?  There is desire for perceived anonymity sure, and then there is just come on lets not blow this ###### out of proportion on the worth of your files you store on your computer be it local or in the cloud..

 

Does neowin have your real name and email address, or do you only access neowin via a vpn connection via a tor connection from the public wifi network 3 miles from your house?  While you might not announce your real name to everyone here.. And you might have some complaints if neowin turned on real names vs nicks in the forum without checking with you, etc..  But for ###### sake storing my ebook collection on google drive better be triple encrypted and require MFA to access, etc.. 

[wendy oltman]

Cloud storage is a secure and genuine  form of data storage that allows users to store in cloud/ The biggest advantage of cloud storage is its accessibility. You can access your docs anywhere anytime. Answer to your question, yes there have been incidents that cloud data had been leaked, but it is because of the security flaw of that particular cloud server/provider. I have been using OneDrive for years, and never have my server let me down. Also do opt opt for providers that give encrypted cloud storage and on safe side, always backup your data on 2 different storage mediums. 

[oldtimefighter]

The question is to vague and the cop out answer is it DEPENDS on a number of different things including what service we are taking about and the data in question you are trusting to it. Saying that, notice my signature. Compute locally when ever possible!

 

 

On 4/29/2016 at 1:03 PM, adrynalyne said:

All of that can affect local storage too. The difference is a search warrant and a knock on your door. Hackers are far more likely to get through your own defenses than a cloud provider. 

That is true but hackers are hitting those services 1000x more and are being specifically targeted. I was just notified yesterday I need to change my Dropbox password (not being used). LOL Most individuals who get "hacked" are dumb people who do it to themselves via malware infection. I am pretty sure no one is "targeting" me and trust my own security more than any 3rd-party.

Edited August 29, 2016 by oldtimefighter

[+Fahim S. MVC]

On 8/29/2016 at 1:57 PM, oldtimefighter said:

That is true but hackers are hitting those services 1000x more and are being specifically targeted.

It's true that they are targeted much more but I can guarantee you that they have many security professionals testing, and closing holes in their services.  This will be orders of magnitude more than a normal corporate that is 'self-hosting' and proportionally speaking, more than 99.9999% of consumers won't have the same level of knowledge.