Is it me or has everyone been hypnotize that Cloud is all :tup::tup::tup:?
It’s fairly obvious that if the hackers can tap into cloud’s shared memory or disk!!! … say good bye to your Security Identity. Seriously, as soon as you deploy to your app on to these cloud… it’s same as putting bullseye symbol on your ass. Sure, your app will be more secured than before by using their “fabricated” security features. However, you still have bullseye symbol on your ass that every hacker in the world will try to crack open! I’ve found out that these server farms…shares memories! If a hacker decides to deploy a dummy application in the cloud and somehow taps into shared memories from major banks, Verizon, AT&T, and etc… . I’m a bit scared…
Unless there’s a proof of concept I wouldn’t really worry about it, I doubt someone like Amazon or Google would go into this without considering such an event.
These guys will use Distributed Share Memory. Meaning, all application that’s hosted by them will “share” memory like “share” cpu. A hacker can simply purchase a plan to host their app and easily tap into DSM. By default, they can “only” see the memory they manage…however… I don’t think it’s out of range to steal other info in the memory space w/ hacks… of course I don’t know how to do that x:x But in theory, this sounds very doable to me.
Of course, I’m not saying Cloud is bad as it saves tons of $$$$, immediate scalability, low maintainance, and etc… but people forgets about security risks. You know I won’t be surprise that these cloud hosts have the ability to “remote” access the virtual machine… this creates huge chance of being “pwnage” by the hackers
Don’t be scared…there’s a lot of really smart people working at Verizon, AT&T, major banks, etc. That’s not to say there are never issues…just nothing to be scared about.
The security of credit card information is taken seriously by all parties involved…from the banks to the credit card companies to the many governments of the world. I’d be more concerned about the coming inflation eating up all your savings than “the cloud” imploding.
Already done. From a reliable source, someone was able to deploy fake app into the clouds. I think someone challenged MIT to crack their cloud. Also, there’s only handful of people who knows “Cloud Security”. In a way, it’s so new that there’s not that many people to know well enough to be called “Cloud Security Expert”.
You’re right though. Cloud hosts will have better security than doing it yourself. A analogy would be… let say you need to transfer a very critical item from point A to B. Would you
A) Ride in a “very” secured truck that is easily spottable from “ALL” hackers.
B) Ride in a taxi to be obscured w/ other taxies
No doubt, Cloud will offer better security but more hackers will try to crack it.
That’s the thing. Credit card leak information has already happened to various companies. But the credit card is limited to those ones that’s related to that one company. For example, if WalMart got hacked and I didn’t shop at Walmart, I feel safe. Now all these companies will be on ONE platform or at least various companies using the same Cloud Hosts. Now if someone succeeds…not only they’ll get credit card info from Walmart, they’ll get plenty of others as well. It’ll definitely be on CNN front page. My guess is that these companies will use Cloud hosts for non-critical apps but not mission-critical ones. At least that’s my thought or hope to be.
I listened to an interview with the CEO of the cloud storage host Dropbox… and the facts he provided make me suspect that a hacker is not going to simply be able to break into the system and steal your data (unless they get your username and password - the weakest point of any secure system is it’s users). Dropbox use Defence department level encryption on EVERYTHING within the servers which isn’t likely to get broken, apart from that none of the staff can read any of the data on the servers (only the end users who setup the account can). The top three people at the company can override the system but it requires three key cards and one of those switch systems like you see in movies where they launch the nukes. That and the places where the data is stored is like a fortress with eye recognition, key-cards, biometrics and such (with the usual guards and cameras) and if the disk is removed from the rack it’ll fry the data. Now I’m not saying it’s totally secure from hackers, because obviously people who steal your credentials can get in… but all things considered there’s nothing more they could do to prevent hackers… their physical storage is secure, their system is heavily protected from code injection (et al) and the only point of penetration is the stupidity of the end user.
x:x But in theory, this sounds very doable to me.