lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAH8yC8nFD_3khr3zj9MXDocVoTuVobURdOHxRahY0Yi2E7Vnzg@mail.gmail.com>
Date: Mon, 10 Jun 2013 21:30:16 -0400
From: Jeffrey Walton <noloader@...il.com>
To: laurent gaffie <laurent.gaffie@...il.com>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Why PRISM kills the cloud | Computerworld
	Blogs

On Mon, Jun 10, 2013 at 9:15 PM, laurent gaffie
<laurent.gaffie@...il.com> wrote:
> Why is the Prims program such a big deal today?  Most of us  knew about
> echelon and the patriot act didn't we? This program was unconstitutional at
> the first place and should have raised indignation when it was approved at
> that time...
+1.

Below is my standard verbiage on clouds and backups to clouds.

Jeff

clouds and drop boxes. If you don’t want your data analyzed,
inspected, shared, or mishandled, then don’t provide it in the first
place. Data migration includes backups, so ensure you are using the
proper attributes on your files. For Apple systems, the file should
have kCFURLIsExcludedFromBackupKey file property or
com.apple.MobileBackup extended attribute (see Technical Q&A QA1719
for details). Android applications should add android:allowBackup on
the application tag and set it to false in AndroidManifest.xml.
Windows’ integrated cloud backup is new, and there’s currently no way
for an application to back up to the cloud (and hence, no way to stop
it).

A layman’s analysis of License Agreements and Terms and Conditions
will reveal how little security is afforded to your documents in cloud
storage. For those who don’t read them, one popular platform has 142
separate documents covering Terms of Conditions for its cloud
alone.[18] The documents discuss your rights if the company (1) gives
away your data, (2) shares you data with partners, (3) looses your
data, (4) provides your data to authorities (sometimes without an
order or warrant), (5) does not provide reasonable skill or care, (6)
commits willful misconduct or fraud, and (7) acts with negligence or
gross negligence. “Your rights” is misleading since it is consent, and
the document effectively states you indemnify the company: “You agree
to defend, indemnify and hold [company], its affiliates, subsidiaries,
directors, officers, employees, agents, partners, contractors, and
licensors harmless from any claim or demand, including reasonable
attorneys’ fees, made by a third party.”[19]

[18] iCloud Terms and Conditions,
https://www.apple.com/legal/internet-services/icloud/ww/
[19] iCLOUD TERMS AND CONDITIONS,
https://www.apple.com/legal/internet-services/icloud/en/terms.html

> Le 2013-06-10 19:46, "Ivan .Heca" <ivanhec@...il.com> a écrit :
>>
>> http://m.blogs.computerworld.com/cloud-storage/22305/why-prism-kills-cloud
>>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ