funsec mailing list archives

Re: Will the digital cloud lead to a deluge of privacy class actions?


From: Rich Kulawiec <rsk () gsp org>
Date: Mon, 3 Dec 2012 06:57:00 -0500

On Sun, Dec 02, 2012 at 05:57:57PM -0600, Richard Golodner wrote:
      I agree completely. The only things I store in Amazon's cloud are baby
pictures, music, and miscellaneous junk I would not mind losing or
having stolen.

The problem is not what you, personally, are storing.

The problem is what your bank, and the merchants you deal with, and
your employer, and your credit card companies, and everyone else, are
storing [in clouds].

What they do not realize (and what the purveyors of cloud operations
will not tell them) is that they are simply making the target bigger
and thus more desirable.  I wonder: what *would* $100K of non-taxable
income in a briefcase buy from an Amazon or Cloudfront engineer?

(Sure, it could probably be hacked, but that's tedious.  It's probably
more cost-effective to try the old ways: bribery and blackmail.)

Of course one of the "features" of cloud outsourcing is plausible
deniability; it works like this:

        Bank: "We trusted the cloud vendor, it's their fault."
        Cloud: "We just provide the cloud, it's the bank's fault."
        Both (in chorus): "Never mind that you run OpenBSD on your
                desktop, you must have been infected by a virus.
                It's your fault."

We barely know how to secure simple, dedicated, monofunctional services;
it's insane to think that anyone has a clue how to effectively secure
the cloud.  But since of course it's all the rage, the cloud vendors
are willing to lie, lie, lie about it while counting their profits.

---rsk
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

