Free Republic
Browse · Search 		News/Activism
Topics · Post Article

To: Revel

Link to the article above:

https://market-ticker.org/akcs-www?post=231549

Link to see all articles:

https://market-ticker.org/akcs-www?blog=Market-Ticker


2 posted on 10/11/2016 11:51:02 AM PDT by Revel
[ Post Reply | Private Reply | To 1 | View Replies ]

To: Revel

From the end of the article:

Update: That was fast — Anon now claims in a Twitter post that the server has been penetrated and imaged. Here it comes Hillary; this is what you get for hiring incompetent people who do blatantly-stupid things.


3 posted on 10/11/2016 11:54:47 AM PDT by Mr. Douglas (Today is your life. What are you going to do with it?)
[ Post Reply | Private Reply | To 2 | View Replies ]
To: Revel
Tho I can't pretend to understand much of it, this stuff from your link confirms my 'neck hair distrust' since Day 1 of ever trusting anything valuable - nevermind sensitive - to the 'cloud':

- - - - - -

If you want to know why the media will not bring any of this up it's quite simple: All the "cloud" providers will have their forward business prospects instantly destroyed if it becomes common knowledge that there is no such thing as a secure encryption key that is both in-use (that is, unlocked) and on ANY VM that is running in a place where you do not have absolute (both physical and logical) control over the host.

Oh, and this is never true on a public cloud (by definition ) and cannot be made true because by definition the host process can access any of the VM "guest" processes address space.  This means that everything in said "guest" process (the cloud "instance") is always accessible without the knowledge or consent of the administrator of the cloud instance.  "Cloud" computing and indeed all virtual machine operations rely on this fact and until and unless CPUs are developed that allow for per-VM write-only decryption keys that can be loaded "out of band", enabling fully-encrypted RAM with no way for the host process to recover the key and no unencrypted memory anywhere in the running image it cannot be fixed.

In turn this means that the only legitimate use for public cloud resources is to store and distribute public content that you do not mind being released.  You can safely use a public cloud server to run a web page that has only public data on it, for example, since the entire point of said server and page is to publish material to anyone who wants it.  But as soon as you require access control (e.g. security, logins and encrypted passwords, billing data, etcor any sort of "controlled" material (e.g. encrypted data such as credit cards, private email, etc) you are betting on the security of components not under your control and in fact potentially under the control, whether directly or through various forms of compromise (whether bribery, blackmail or simple stupidity) of explicitly hostile persons!

28 posted on 10/11/2016 12:50:35 PM PDT by tomkat
[ Post Reply | Private Reply | To 2 | View Replies ]

Free Republic
Browse · Search 		News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson