lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 11 Jun 2013 08:28:28 +0200
From: Daniel Preussker <daniel@...ussker.net>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Why PRISM kills the cloud | Computerworld
	Blogs

+1 (including +1 for the 'rant' about cloud)


Daniel Preussker

[ Security Consultant, Network & Protocol Security and Cryptography
[ LPI & Novell Certified Linux Engineer and Researcher
[ +49 178 600 96 30
[ Daniel@...ussker.Net
[ http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x87E736968E490AA1

On 11.06.2013, at 03:30, Jeffrey Walton wrote:

> On Mon, Jun 10, 2013 at 9:15 PM, laurent gaffie
> <laurent.gaffie@...il.com> wrote:
>> Why is the Prims program such a big deal today?  Most of us  knew about
>> echelon and the patriot act didn't we? This program was unconstitutional at
>> the first place and should have raised indignation when it was approved at
>> that time...
> +1.
> 
> Below is my standard verbiage on clouds and backups to clouds.
> 
> Jeff
> 
> clouds and drop boxes. If you don’t want your data analyzed,
> inspected, shared, or mishandled, then don’t provide it in the first
> place. Data migration includes backups, so ensure you are using the
> proper attributes on your files. For Apple systems, the file should
> have kCFURLIsExcludedFromBackupKey file property or
> com.apple.MobileBackup extended attribute (see Technical Q&A QA1719
> for details). Android applications should add android:allowBackup on
> the application tag and set it to false in AndroidManifest.xml.
> Windows’ integrated cloud backup is new, and there’s currently no way
> for an application to back up to the cloud (and hence, no way to stop
> it).
> 
> A layman’s analysis of License Agreements and Terms and Conditions
> will reveal how little security is afforded to your documents in cloud
> storage. For those who don’t read them, one popular platform has 142
> separate documents covering Terms of Conditions for its cloud
> alone.[18] The documents discuss your rights if the company (1) gives
> away your data, (2) shares you data with partners, (3) looses your
> data, (4) provides your data to authorities (sometimes without an
> order or warrant), (5) does not provide reasonable skill or care, (6)
> commits willful misconduct or fraud, and (7) acts with negligence or
> gross negligence. “Your rights” is misleading since it is consent, and
> the document effectively states you indemnify the company: “You agree
> to defend, indemnify and hold [company], its affiliates, subsidiaries,
> directors, officers, employees, agents, partners, contractors, and
> licensors harmless from any claim or demand, including reasonable
> attorneys’ fees, made by a third party.”[19]
> 
> [18] iCloud Terms and Conditions,
> https://www.apple.com/legal/internet-services/icloud/ww/
> [19] iCLOUD TERMS AND CONDITIONS,
> https://www.apple.com/legal/internet-services/icloud/en/terms.html
> 
>> Le 2013-06-10 19:46, "Ivan .Heca" <ivanhec@...il.com> a écrit :
>>> 
>>> http://m.blogs.computerworld.com/cloud-storage/22305/why-prism-kills-cloud
>>> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/


Download attachment "PGP.sig" of type "application/pgp-signature" (842 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists