Sunday, March 29, 2009

Cloud Security

How Safe is it in the Clouds?

As you can tell, I'm not all that skilled with photo editing, so I went with the Gizmodo approach. Anyway, the story I'm highlighting this week comes by way of Computerworld about Carbonite (a company whose main product is backing up your computer to the Internet, "the clouds") suing a hardware manufacturer for fault hardware that caused backup failures losing them data on about 7,500 customers. Carbonite claimed that the failsafe mechanisms on the machines didn't perform to spec whereas the hardware folks claimed it was mis-managed. In the end, much of the data was restored, but it has brought to question whether the cloud can be trusted. While some journalists would use this as an opportunity to blow your mind and tell you how unsafe it is, much like you'd think by watching the news that you're probably going to get shot if you walk outside, I'm going to say that cloud storage is safer than keeping it in your home, for most people.

When I say "most people", I mean average folks. If you're very tech savvy and good at what you do, then maybe you would take more appropriate measures. While I obviously can't give a lot of details on how Amazon stores its customer-sensitive information or how S3 (affordable, online storage) works, I can assure you that it's pretty secure on many levels. If you store your data on S3, or even likely on some of its big competitors, that data is replicated across multiple locations across the country (or Europe if you're an EU customer). You'd need a pretty ridiculous series of events to cause enough failures for your data to be lost, as opposed to you spilling coffee on your computer, or your external hard drive having a mechanical failure, or a thief robbing you, or something of that sort. I will grant you that you may have occasional issues of unavailability with online services, which is one leg up you have on keeping your small business data in-house or keeping your personal computer's backup in your bedroom where you have direct access to the hardware. Still, data being temporarily unavailable is not the same as it being lost.

What about your data getting stolen? What are the odds on that? This is a tough call, but I'd still argue that the data on the average person's computer (or small business network) is less secure than in online storage. There are so many ways to get owned by a hacker online it's almost miraculous to never get a virus or become part of a botnet or something equally terrible in the span of 6 months. It's kind of like the drug war - it'll never end. With every passing day malicious hackers get more clever and more malicious. Besides often being physically secure, a lot of these data centers are very restricted in the access to the Internet, and the traffic is often monitored pretty closely. Nothing is ever impossible when it comes to network security - it's all about playing the odds. The odds are just worse for you as an individual then a data center as run by (hopefully) competent professionals.

I know that cloud storage is a bit scary and requires a big leap of faith, and it may not be sensible in all situations, but it's not as bad as articles like the one I referenced earlier would make it out to be.

More Security News

I won't drag on the other security news too much, but there is some interesting stuff out there. Like the Conficker worm, which is the biggest thing since Blaster. In essence, it exploits a Windows remote server vulnerability that was patched already but unpatched machines are at risk and, since it's a worm, it looks quietly for others to infect (including your own USB drives). It has infected millions of machines and, on April 1, will ping 50,000 domains for instructions (I'm guessing that only a few will actually have the instructions, the large number is to throw off security engineers). So get ready for Wednesday, which will either be apocalyptic or just a big joke. I think it'll be the latter, but the worm writer may be renting it out for monetary gain so it's really anyone's guess. By the way, make sure you're clean.

Make Use Of has a really excellent round-up of extensions you can install in Firefox to make your computer just a little bit more secure. It has everything from a panic button to security ratings next to your search results.

I recently reported a story about a Pwn2Own (a hacking contest) champion stating that Safari on a Mac was the most insecure browser, who is now saying that Macs are more secure than Windows machines because there's less malware out there for them. I talk about Mac vs. PC security every once in a while, and either one is less secure depending on the context. The bottom line is that Macs are less secure software-wise but PCs are a larger target, which is why people perceive them as being not very safe.

Microsoft Marketing

This might've been a good headline topic to talk about, but oh well. I talked about Internet Explorer 8's release last week, but no one else really is. The bottom line is that it really wasn't marketed very well at all. Very few people knew it was coming (or cared), and though it was a pretty good product the number of downloads per day was pretty disappointing for the boys in Redmond. So what happened? My guess is that it may confirm rumors from a couple of weeks ago that IE8 would be the last one on this engine. It would make sense that they'd keep the release of IE8 quiet if they're planning on trying to ween people off of Internet Explorer. I know people have become skeptical of upgrading Microsoft products, but there really wasn't much bad mojo associated with IE8.

On the other hand, Microsoft is not doing to bad with their Windows campaign. A lot of tech elite have scoffed at the Seinfeld ads and the I'm a PC ads as being too little too late, but I think coupled with the buzz surrounding Windows 7 and an economy that's not favorable to Apple it could mean great things for Microsoft. This clearly isn't lost on them as they're getting ready to start a campaign comparing the relative affordable of a PC compared to a Mac. I think this is super smart. I'm sure that Apple will come firing back with something about quality and the fanboy war will continue, but you cannot dispute that PCs are almost always cheaper than Macs with arguably comparable hardware.

Executive Branch Supports RIAA Damages, EFF Fights DRM

President Obama's administration has taken a stance on RIAA lawsuits that is likely to shock some supporters: they believe that $750 to $150,000 per track in piracy lawsuits is a reasonable award in such litigation. I can't see how these are statutory damages as opposed to punitive damages at such astronomical rates, but I guess the administration felt it would be too liberal to disagree with the RIAA. Given that they're not going to be suing so much anymore I guess it's not that big of a deal, but I still think it's a terrible precedent.

The Electronic Frontier Foundation (EFF) testified at the FTC's hearing on Digital Rights Management (DRM) technology against it and has made publicly available its briefs on the issue. It really all boils down to DRM causing worse damage to consumers than the little help it provides to content owners. The EFF's comments aren't as long as they look (probably a 10 minute read) and they're a great read.

Monster's Tactics Still at Play

I'm giving bold text to this short article because I hate Monster and I love spreading the word against them. Sales of Monster's overpriced audio/video cables result in big commissions for Fry's employees, and so there are Fry's stores that have in-store displays comparing Monster to the other guys under the guise that you should "see the Monster HDMI difference" when the competing cable is composite instead of HDMI. For the non-geeks: composite cables are not capable of carrying true high definition, so they're obviously going to suck compared to any HDMI cable for HD content. This is an old trick that some thought died a long time ago, but apparently not.

On my last visit to Fry's to get an HDMI cable some sales guy tried to push an $80 Monster cable on me because it was "handmade" and rated for some asinine transmission speed. I saw one of their digital audio cables at a friend's place and it was terrible - it wouldn't even fit in the PS3. Don't buy Monster, Amazon has much better deals.

Final Stories

Ok, ready for the lightning round? I'm sick and it's almost drowsy medicine time, but I have a few stories left on my list. Let's see how fast I can run through them.

Tech Crunch ran a really good article about why advertising online is in such bad shape (basically: people hate and don't trust ads) and the article presents three alternatives for making money online: selling real things, virtual things, and access. I can imagine why it would piss off some people, but I agree with a lot of his key points.

Facebook is semi-caving to the backlash regarding its recent facelift: they've pledged to make improvements that they think will address some of the large concerns with the re-design. To be honest, I don't think the new look is that bad. I can understand that people like to trust a UI though, which is easy in offline software where you choose to upgrade as opposed to online where it's forced on you.

Twitter has confirmed that they're going to have premium accounts later this year for commercial customers. No word yet on exactly what they have in store (they themselves may not know quite yet), but with nearly 10 million visitors a month now, I'm sure they're ready to start making money.

A non-profit campaign on YouTube raised over $10,000 in one day. I'm sure YouTube is going to use this to try to sell YouTube ads to commercial advertising firms, but I don't think you can compare commercial ads to the faces of needy kids in Africa. Still, I think the non-profit tie-ins are great.

Skype handles more international calls than AT&T now. Bam.

If you hate the Craigslist UI, you may like Craiglook. Having had to spend a lot of time on Craigslist last summer, I always like to see mashups like this.

I hope everyone has a great week! I wonder how many days this week in Seattle will be as pretty as today?

No comments: