lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <02A1AA89-F51A-4BDF-839F-FF118AD68A91@preussker.net>
Date: Tue, 11 Jun 2013 08:28:28 +0200
From: Daniel Preussker <daniel@...ussker.net>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Why PRISM kills the cloud | Computerworld
Blogs
+1 (including +1 for the 'rant' about cloud)
Daniel Preussker
[ Security Consultant, Network & Protocol Security and Cryptography
[ LPI & Novell Certified Linux Engineer and Researcher
[ +49 178 600 96 30
[ Daniel@...ussker.Net
[ http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x87E736968E490AA1
On 11.06.2013, at 03:30, Jeffrey Walton wrote:
> On Mon, Jun 10, 2013 at 9:15 PM, laurent gaffie
> <laurent.gaffie@...il.com> wrote:
>> Why is the Prims program such a big deal today? Most of us knew about
>> echelon and the patriot act didn't we? This program was unconstitutional at
>> the first place and should have raised indignation when it was approved at
>> that time...
> +1.
>
> Below is my standard verbiage on clouds and backups to clouds.
>
> Jeff
>
> clouds and drop boxes. If you don’t want your data analyzed,
> inspected, shared, or mishandled, then don’t provide it in the first
> place. Data migration includes backups, so ensure you are using the
> proper attributes on your files. For Apple systems, the file should
> have kCFURLIsExcludedFromBackupKey file property or
> com.apple.MobileBackup extended attribute (see Technical Q&A QA1719
> for details). Android applications should add android:allowBackup on
> the application tag and set it to false in AndroidManifest.xml.
> Windows’ integrated cloud backup is new, and there’s currently no way
> for an application to back up to the cloud (and hence, no way to stop
> it).
>
> A layman’s analysis of License Agreements and Terms and Conditions
> will reveal how little security is afforded to your documents in cloud
> storage. For those who don’t read them, one popular platform has 142
> separate documents covering Terms of Conditions for its cloud
> alone.[18] The documents discuss your rights if the company (1) gives
> away your data, (2) shares you data with partners, (3) looses your
> data, (4) provides your data to authorities (sometimes without an
> order or warrant), (5) does not provide reasonable skill or care, (6)
> commits willful misconduct or fraud, and (7) acts with negligence or
> gross negligence. “Your rights” is misleading since it is consent, and
> the document effectively states you indemnify the company: “You agree
> to defend, indemnify and hold [company], its affiliates, subsidiaries,
> directors, officers, employees, agents, partners, contractors, and
> licensors harmless from any claim or demand, including reasonable
> attorneys’ fees, made by a third party.”[19]
>
> [18] iCloud Terms and Conditions,
> https://www.apple.com/legal/internet-services/icloud/ww/
> [19] iCLOUD TERMS AND CONDITIONS,
> https://www.apple.com/legal/internet-services/icloud/en/terms.html
>
>> Le 2013-06-10 19:46, "Ivan .Heca" <ivanhec@...il.com> a écrit :
>>>
>>> http://m.blogs.computerworld.com/cloud-storage/22305/why-prism-kills-cloud
>>>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
Download attachment "PGP.sig" of type "application/pgp-signature" (842 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists