Thursday, July 16, 2009

Security and the Cloud

I was browsing through my unread tweets earlier today and I came across tweets from Evan, the CEO of Twitter. Apparently some enterprising cracker had managed to guess the passwords of several Twitter employees and gain access to their confidential documents, then sent them to a popular tech startup blog. I do not condone the actions of the cracker nor those of the writers of that blog. I think what they did was unethical and will mostly likely be detrimental to Twitter; thus, I'd rather not direct you to their site and increase their traffic. I'll be honest: I love Twitter. As much as I could easily write an entry extolling them while condemning the cracker and his cohorts, I leave that up to other concerned users. While everyone else is fixated on what this means for Twitter, no doubt focusing on its ambitious plans, the whole fiasco struck me more as a failure of cloud computing. What most people don't realize is the exploits of one fame seeking cracker not only undermined the plans and operations of Twitter, but also highlighted some problems of widespread corporate adoption of cloud computing.

The proponents of cloud computing, particularly at Google, would like us to believe that cloud computing is safe, and perhaps safer than traditional hosting solutions. They argue that your fragments of your data are distributed across several servers and in the event a single server is compromised, the attacker won't be able to retrieve your data as he will only have access to a possibly useless fragment. While this may hold true for attacks against servers, I prefer to exercise restraint when claiming cloud computing in general is safe.

The biggest strength of cloud computing is its ability to turn any internet connected device into your personal computer. Its main selling point is you can access your files from anywhere. It frees you from being restricted to a single device and its associated limitations or from the difficulty of synchronizing multiple devices. For instance, suppose your laptop/netbook is somehow irreparably damaged, cloud computing would spare you from 1) scrambling for the latest backup files, and 2) the pains of having to configure your replacement laptop. In fact, given any device can become your own personal computer, you can stop lugging around that heavy laptop with that clunky hard drive altogether.

Its biggest weakness: "you" can access your files from anywhere. Without the need to physically access a target device, your data is no longer secure once your credentials are compromised. While cloud computing may have defenses in place against attacks on servers, it has always been far easier to compromise the account of an individual user than it is to compromise an entire server. Granted, this is an issue shared with most, if not all, networks connected to the internet. However, cloud computing amplifies this problem by having all your data readily accessible from the internet.

Of course, the problem could be somewhat mitigated by a security policy that enforces requirements on password strength, as well as setting a finite time for the period of its validity. On the server end, it would help to support seamless encryption with private keys being stored locally (although this would go against the whole “any computer can become your computer” concept.)

There are other issues which I believe to be of lesser importance and will refrain from discussing in this blog but will address in another blog concerning Chrome OS in the near future.

37 comments:

teslaman2003 said...

how bout freshnip?

dilettante said...

What about Freshnip? The blog was a short discussion of the pitfalls of cloud computing in terms of hosting all your data.

Bille said...

What do a few stupid passwords used at Twitter have to do with Cloud Computing?

jospoortvliet said...

You have a good point. Many people have very weak passwords. That's not much of an issue, unless somebody steals their desktop or laptop - but with their data in hotmail, google docs, or any other online service it becomes very vulnerable.

dilettante said...

@Bille It's one thing to have a weak password on your local machine. If your important files are stored locally, as long as you have physical possession of your machine, you're safe. With cloud computing, once someone gains access to your credentials, your files can be retrieved with little difficulty.

時尚 said...

blog is great~~祝你人氣高高~ ........................................

婉婷婉婷 said...

hello~~........................................

林守全 said...

thank u........................................

瑜吟 said...

愛情是一位偉大的導師,教我們重新作人..................................................

406IraidaMathew0 said...

thanks................................................

韋志 said...

how do u do?xvideo打飛機專用網洪爺免費洪爺色情片洪爺貼圖區洪爺成人線上洪爺影城洪爺色論壇洪爺貼圖洪爺成年人網洪爺免費色情洪爺色情貼援交妹辣妹野球拳情色文學情趣聊天室性感辣妹裸體遊戲做愛偷拍一夜情視訊洪爺色情貼洪爺免費色情洪爺成年人網洪爺貼圖洪爺色論壇洪爺影城洪爺成人線上洪爺貼圖區洪爺色情片洪爺免費洪爺色情貼洪爺免費色情洪爺成年人網洪爺貼圖洪爺色論壇洪爺影城洪爺成人線上洪爺貼圖區洪爺色情片洪爺免費洪爺免費洪爺色情片洪爺貼圖區洪爺影城洪爺色論壇洪爺貼圖洪爺成年人網洪爺免費色情洪爺色情貼洪爺成人線上

妍慧 said...

不要把生命看得太嚴肅,反正我們不會活著離開。...............................................................

Edwin Jaustin said...
This comment has been removed by the author.
韋于倫成 said...

色情網自拍影片色情文章比基尼成人動畫色瞇瞇影片網小弟貼影片bt成人成人 影片日本成人網站日本成人網站破解日本成人網址日本成人線上免費日本成人免費影片日本成人動畫日本曾根日本有碼 dvd 專賣店日本有碼進口dvd專賣店日本東洋影片視訊 辣妹g8成人下載av短片-免費a片亞亞 dvd 光碟嘿咻kiss168cu成人bt情色 網4u成人0401影音視訊交友愛情館本土自拍xd成人圖區新人淚成人色網kkg亞洲免費影片av影片欣賞性行為補給站999成人性站最愛78論壇最色情的網站最色情的遊戲最多人聊天室最大a片網

NealVa憲妤 said...

xh美色網 免費a片下載嘟嘟情人色網影片 av,sex520免費影片 完全免費視訊聊天 777美女dvd辣妹視訊 免費視訊celia aio交友視訊愛情館 西門慶成人論壇 台中酒店S援交 sex888影片分享區高中生援交 一葉情貼影片區 1314視訊 情人線上aa片試看嘟嘟 情人視訊網a 妹妹視訊 情色網成人電影 xxxholic次元魔女 成人文學小弟弟貼影片區 亞亞成人館 ut成人聊天室 微風成人 go2av免費看影片 104黑色會美眉自慰 日本同志色教館情色文學成人小說 34c視訊辣妹美女sex888免費電影 情色視訊論壇 0204貼圖區免費色情電影 成人貼圖站 交友ggo 免費影片下載a gogo2sex日本 拓網交友視訊美女 080情人網伊利論壇 一本道 a片 東京熱免費成人影片觀賞 交友ggoo 夜未眠影片中心 34c情人視訊網 一夜情性 情色視訊 美女 亞洲禁果名模影城 日本av論壇 台南視訊34c美女館 bt論壇交友網成人情色視訊妹 免費情人視訊 性愛電影85cc 聊天室交友whei 38girl視訊美女 aa免費影片 獨秀視訊聊天室 av730美眉共國 辣妹哈啦聊天室

怡君 said...

我新來的~大家可交個朋友嗎(・ˍ・)........................................

07_TeddyF_Silvey0 said...

與人相處不妨多用眼睛說話,多用嘴巴思考,...........................................................................

聖妃 said...

失意人前,勿談得意事;得意人前,勿談失意事。 ..................................................

義珊 said...

要持續更新下去喲!!祝你心情愉快.............................................................

洪筱婷 said...

不只BLOG內容很棒留言也很精采 XDDDD

靜宸靜宸 said...

It takes all kinds to make a world.............................................................

張怡 said...

安一估~你也安一估哦~............................................................

吳婷婷 said...

很用心的blog,推推哦 ..................................................................

志穎志穎 said...

開心不開心都是一天,祝您能夠笑著面對一切!............................................................

anthonyjensen張anthonyjensen欣虹 said...

人生的「三部曲」應該是無愧的昨天,充實的今天,與充滿希望的明天。..................................................

陳韋夏陳韋夏益東富益東富 said...

希望我的支持可以帶給你快樂--加油.............................................................

宥妃宥妃 said...

我們能互相給予的最佳禮物是「真心的關懷」。..................................................

韋以韋以 said...

Never put off till tomorrow what may be done today..................................................................

陳佑發 said...

請繼續發表好文!加油加油加油!.......................................................

林聖瑤 said...

婚姻對男人來說是賭他的自由,對女人而言卻是賭她的幸福。.................................................................

凱許倫 said...

與人相處不妨多用眼睛說話,多用嘴巴思考. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

凱許倫 said...

Lets cross the bridge when we come to it............................................................

基韬 said...

Quality is better than quantity...................................................................

蕾蕾 said...

享受你自己的生活,不要與他人相比。......................................................

x于珊姚于珊姚于珊 said...

期待新的內容 感謝你..................................................................

冠霖林冠霖林冠霖林 said...

看到大家都留言-我也忍不住說聲---加油..................................................

翊翊翊翊張瑜翊翊翊 said...

More haste, less speed..................................................................