Clouds and security

Anyone else have the hair on their stand up when they saw this headline:

Three million Adobe accounts hacked? Sorry, make that 38 MILLION

Forget 3D scanners and printers stealing your intellectual property, having your username and password to a cloud service is still the easiest way.

When Autodesk first started to add “save to the cloud” in their software, I was amused. I never used it and it was easy to get around. Then Adobe CS went to a subscription model and they offer a similar “save to the cloud” feature. That made me cringe. Now we find out that they left their door wide open. …

How does everyone feel about this? How many people use a cloud service?

We’ve been using Basecamp and just switched over to a MS based email service with SkyDrive. I’m scared to use any of it now.

I don’t know. Seems par for the course at this point.

I use Gmail and Drive, both cloud services. If someone wanted to do some damage, or wreak havoc, my Gmail login alone would be plenty. There was a good story from a Wired editor about his life being turned upside down after his Apple account was compromised by a very persistent hacker.

People are used to backing up work and personal data with multiple layers of redundancy, and I suspect that security will get there eventually. Either multiple passwords that are more complex, or different types of authentication, like fingerprint scanning, retina scanning, heartbeat signature, or some other clever mechanism that someone hasn’t thought of yet.

Just found this, this week. GYB Got Your Back, backup service for Gmail. Downloads everything to your local machine.

If your content is important enough, then avoiding the cloud is still the thing to do. Our corporate IT has banned almost every cloud service (Dropbox, Creative Cloud, etc.) since it is secure. Even sites like Google Patent Search are off limits. You’re effectively saying “hey I’m at a Corporate IP address searching for super awesome carbon nanotube powered widgets” to one of the companies that could very well be your competitor.

Though at the same time, we got in bed with Microsoft on their Outlook cloud service, so I suppose it just depends on who you trust more with your content, not as a hard and fast rule.

Cyberdemon is correct. You don’t want your information out there, don’t put it out there.

In order to do that, you may have to use an inferior product. No Photoshop cloud? Then find an alternative. Factor in the cost of training on the product and the possible loss of productivity due to its inferiority.

Not an easy decision, but still a choice.

You can still use Creative Suite without saving your files in the Cloud, which is what I’d suggest if your content is sensitive.

Put aluminum foil on your windows and don’t turn on a computer. It’s your only hope.

Unfortunately security is a direct trade off with convenience. I would say the best advice I heard is to understand the risks of each service and silo them from each other by using a long unique password for each one. That way when a service is hacked, it is the only account that is compromised. LastPass is a great service for this. Due to the way password resets are done today, emails are a critical weak point. I also like the idea of using one email account for public communication and a second one purely for account logins, so now people have to get your password AND username. The internet is a pretty crazy place, be safe out there guys. :)

I just got this email from my employer’s corporate security, 138 million!:

_"Important Customer Security Announcement - Adobe

As many of you know, Adobe has been a victim of cyber attacks on their network involving the illegal access of customer information as well as source code for numerous Adobe products.
Industry sources state that 138 million Adobe accounts were compromised while Adobe themselves state that 2.9 million customers’ details have been stolen. Data that was taken includes customer IDs, encrypted passwords, encrypted payment card numbers, expiration dates and information relating to orders.

has received a report indicating that your ‘@####.####’ email address is on the list as an Adobe customer with a compromised account. If you are registered with Adobe, please reset your password immediately.

In relation to the 2.9 million accounts where data is said to have been stolen, Adobe itself, as a precaution, is said to have reset those customers’ passwords to help prevent unauthorised access to those Adobe accounts. If your user ID and password were among that set of accounts you will receive an email notification from Adobe with information on how to change your password.

As criminals also seize opportunities like this to send out scams we ask you to be careful in any interactions with email suggesting it is from Adobe on this issue.

We recommend that you change your passwords on any website where you may have used the same user ID and password that was used with Adobe and that you should always keep a close eye on your bank account statements for unexplained transactions."_

Chris: I already have the foil up. I actually communicate to the boards via a mix of flag semaphore, smoke signals and carrier pigeon. I’m that far off the grid.

Sanjy: Oh boy…Can Adobe really have 138 million accounts? Crazy!

Attacks like this happen so often it’s insane. And these are just the ones that get detected…

Wouldn’t it be simpler to just use cloud services for current projects then delete unused data as soon as the project has closed? That way you mitigate the amount of IP you lose in an attack.

This is a promising hybrid solution: decentralized cloud storage, combined with physical hard storage. I will definitely get one when they make a Windows Phone app.

xkcd comments: xkcd: Encryptic ;)

From the alt-text: “There’s only one group that comes out of this looking smart: Everyone who pirated Photoshop.”

joly: remember, normally deleted files go to a trash can. They might not be visible, but they are still there and could be (theoretically) retrieved.

That’s true, and even if the trash is emptied it could still be retrieved if data hasn’t yet been written to that part of the disk… Even still, it would be a lot more difficult to pull off.