[PLUG-TALK] Amazon Cloud Drive

Daniel Pittman daniel at rimspace.net
Sun Apr 3 15:51:05 UTC 2011


On Sun, Apr 3, 2011 at 07:00, Rich Shepard <rshepard at appl-ecosys.com> wrote:
> On Sat, 2 Apr 2011, Richard C. Steffens wrote:
>
>> Is anyone using Amazon Cloud Drive?
>
>   No. I would not.
>
>> Any other concerns I should make her aware of?
>
>   While every technological advance has been predicated upon its beneficial
> uses, someone will find a way to apply it for harm. All software has
> vulnerabilities. Not all are exploited, but the potential exists. I would
> not store any of my personal or business data on someone else's system.
> Period. I'm concered when I learn that organizations holding data about me
> store them external to their systems.

When I think about the security implications of questions like this, I
like to keep in mind that while you are absolutely right that an
Amazon exploit is inevitable … the odds are pretty good that the end
user has a network connected computer at home, without anyone paid to
manage it, dependent on their abilities to keep it secure.

>   Not all the problems are technilogical or digital. How many times have we
> read in the Oregonian about someone's laptop with private data being stolen
> from a vehicle (stupid for leaving it there in the first place), an office,
> or a residence?

We read about that sort of failure plenty often; one counterbalance I
like to remember is that we read about that an awful lot more often
than we do a failure of security at Amazon, Google, or other "cloud"
hosting providers.

> What if a user makes a careless error that opens a port?

At the cloud provider, right, not locally?

> Just yesterday I read about this new exploited vulnerability on web sites
> hosted on Microsoft's SQL Server/2003 and /2005. It redirects users to a
> sham site where information is captured. Apparently several million systems
> have been affected and the two IP addresses (both hosted overseas) keep
> changing as they're discovered.
>
>   We'll never have perfect security. I would rather put up with
> inconvenience and lower efficiency to retain greater privacy. I recongnize
> that I'm in the minority, but I'll do what I can for myself.

I tend to agree, but I think we are distinctly in the minority because
of our skill, rather than our taste.  For most users the choices is
between trusting someone else to keep their system secure, and
trusting someone else to keep their system secure.   They have to
depend on patches, and instructions, because they simply don't have
the skills to make an effective decision about securing their
machines...

Daniel
-- 
⎋ Puppet Labs Developer – http://puppetlabs.com
✉ Daniel Pittman <daniel at rimspace.net>
✆ Contact me via gtalk, email, or phone: +1 (503) 893-2285
♲ Made with 100 percent post-consumer electrons



More information about the PLUG-talk mailing list