funsec mailing list archives
Re: Will the digital cloud lead to a deluge of privacy class actions?
From: Rich Kulawiec <rsk () gsp org>
Date: Mon, 3 Dec 2012 06:57:00 -0500
On Sun, Dec 02, 2012 at 05:57:57PM -0600, Richard Golodner wrote:
I agree completely. The only thing I store in Amazon's cloud are baby pictures, music, and miscellaneous junk I would not mind loosing or having stolen.
The problem is not what you, personally, are storing. The problem is what your bank, and the merchants you deal with, and your employer, and your credit card companies, and everyone else, are storing [in clouds]. What they do not realize (and what the purveyors of cloud operations will not tell them) is that they are simply making the target bigger and thus more desirable. I wonder: what *would* $100K of non-taxable income in a briefcase buy from an Amazon or Cloudfront engineer? (Sure, it could probably be hacked, but that's tedious. It's probably more cost-effective to try the old ways: bribery and blackmail.) Of course one of the "features" of cloud outsourcing is plausible deniability; it works like this: Bank: "We trusted the cloud vendor, it's their fault." Cloud: "We just provide the cloud, it's the bank's fault." Both (in chorus): "Never mind that you run OpenBSD on your desktop, you must have been infected by a virus. It's your fault." We barely know how to secure simple, dedicated, monofunctional services; it's insane to think that anyone has a clue how to effectively secure the cloud. But since of course it's all the rage, the cloud vendors are willing to lie, lie, lie about it while counting their profits. ---rsk _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Will the digital cloud lead to a deluge of privacy class actions? Jeffrey Walton (Dec 02)
- Re: Will the digital cloud lead to a deluge of privacy class actions? Richard Golodner (Dec 02)
- Re: Will the digital cloud lead to a deluge of privacy class actions? Rich Kulawiec (Dec 03)
- Re: Will the digital cloud lead to a deluge of privacy class actions? Blanchard, Michael (InfoSec) (Dec 03)
- Re: Will the digital cloud lead to a deluge of privacy class actions? Paul Ferguson (Dec 03)
- Re: Will the digital cloud lead to a deluge of privacy class actions? Drsolly (Dec 03)
- Re: Will the digital cloud lead to a deluge of privacy class actions? Blanchard, Michael (InfoSec) (Dec 03)
- Re: Will the digital cloud lead to a deluge of privacy class actions? Blanchard, Michael (InfoSec) (Dec 03)
- Re: Will the digital cloud lead to a deluge of privacy class actions? Paul Ferguson (Dec 03)
- Message not available
- Re: Will the digital cloud lead to a deluge of privacy class actions? Blanchard, Michael (InfoSec) (Dec 03)
- Re: Will the digital cloud lead to a deluge of privacy class actions? Nick FitzGerald (Dec 03)
- Re: Will the digital cloud lead to a deluge of privacy class actions? Richard Golodner (Dec 02)
- Re: Will the digital cloud lead to a deluge of privacy class actions? Rich Kulawiec (Dec 03)