One of the boasts made by software companies pushing cloud-based storage and computing is that the security around their servers is stronger than that of your office -- a claim I do not believe, because it cannot be proven.
And now The Register this morning reports that hackers have found a trivial way to compromise cloud security w-a-y over there at the client end, outside the thick-walled, spotlight- and machinegun-infested, barbwire-topped, moated bunkers housing the servers:
The ZeuS-based Trojan works by capturing a screenshot of the payroll services web page when a malware-infected PC is used to visit the site.
This information is uploaded, allowing crooks to obtain the user ID, password, company number and the icon selected by the user for the image-based authentication system...
This trojan horse is specific to financial services, because of the money that can be syphoned out. It is easy to imagine programmers authorized by certain countries using the same technique to access CAD and other data files containing intellectual property from which to produce knock-off products.
When small offices are broken into, the losses are small; when cloud services are broken into, the losses are huge. Eggs in a distributed egg hunt are more secure than the centralized basket of eggs.
Source:
www.theregister.co.uk/2012/04/11/zeus_based_trojan_targets_payrolls
Back the truck up here a little bit. The security didn't get broken. The password was compromised, not the security.
Couldn't this same thing happen for your desktop computer?
Posted by: Kevin E. | Apr 11, 2012 at 10:21 AM
Could the same happen on my desktop computer? Yes, and that is precisely the point: that the cloud is not safer than desktop computing, due to security issues at the client end.
Posted by: Ralph Grabowski | Apr 11, 2012 at 10:59 AM
Ralph, the link you provided on your blog above is broken. Actually you copy/pasted an extra space which was "escape coded". The right link is here -- http://www.theregister.co.uk/2012/04/11/zeus_based_trojan_targets_payrolls/
If, as you said, cloud is as safe as PC, this is really good news. So, everybody can leverage cost efficiency of the cloud solutions.
Posted by: Oleg Shilovitsky | Apr 11, 2012 at 02:56 PM
The cloud as safe as the desktop is good news? No, because the cloud should be safer, else there is one fewer reason to use it.
Posted by: Ralph Grabowski | Apr 11, 2012 at 03:03 PM
Ralph, nothing these cloud guys claim can be proved, especially in the CAD world. "Leverage cost efficiency of the cloud solutions"???!!! What the heck does this market PR babblespeak mean? Now I am commenting on the cloud re CAD. Not one of these cloud proponents has spelled out obligations between buyer and seller nor indemnifications for buyers. They also have not provided proof of concept yet for this. When will this pay-for-play monster just die and go away is the big question I would like an answer to. The deafening silence by cloud proponents to address numerous concerns by users I think speaks for itself.
Posted by: Dave Ault | Apr 16, 2012 at 03:16 PM
My understanding of the Indemnity Clause is that it reads something like the following:
"If we screw up, you're screwed."
Posted by: Ralph Grabowski | Apr 16, 2012 at 03:23 PM
Ha! Ralph, you forgot that they will still send you a bill for that month's screwing and expect you to pay it if you want to keep using your data.
Posted by: Dave Ault | Apr 16, 2012 at 03:31 PM