Aardvark Daily

Please visit the sponsor!

Hackers poke holes in clouds

The cloud is the future of data processing -- or so we're told.

Why clutter up your own computers with data and why bother with such annoying routines as regular backups when, by harnessing the power of the cloud, you can effectively outsource all that work to someone else.

Slowly but surely, thanks to the hard work being done by Google, Yahoo, Apple and even our own Xero - people, businesses and even governments are warming to the concept of cloud computing.

However, a story on the news-wires today ought to give reason to reflect on the sometimes very serious downsides of that cloud.

I'm talking about security - and the fact that almost half a million Yahoo passwords have been compromised.

Not only were the passwords available to the hackers in plaintext but Yahoo seems not to have even contacted those who may have been affected for quite some time after the intrusion.

That such a high-profile cloud provider used such bad practice and made the job so easy for would-be villains is unbelievable.

While the company might suggest that it's not really such a big deal, since this information affected only a small part of its offerings, most notably their "Contributor Network", I'm picking that those whose passwords were compromised might not agree.

This fiasco does however, raise the issue of just how secure anyone's data might be when it's stored in the cloud.

Take for example, something as elementary as web-based email...

There are few people who don't have a GMail or YahooMail account these days and sometimes, those accounts can accumulate a significant mass of very important information.

Login ID confirmations, banking details, personal communications, and a raft of other stuff you probably don't want your competitors, your enemies or anyone else to read. So what happens if/when your cloud-based email is hacked?

What if you don't even know it's been hacked - so the loss of privacy and dissemination of critical information goes unnoticed?

While it's true that hacking is a risk for all computer-users, unplugging your own machine at the end of each computing session can significantly reduce the risk to data stored on your own drives. I've yet to see any hacker who, regardless of their skills, can hack a computer that has been unplugged from both the mains and its DSL connection.

Anyone who relies on their cloud provider to deliver bullet-proof security is also living in "cloud" cuckoo land. As we've seen recently, passwords are regularly extracted from sites that ought to be secure. Digital certificates are compromised and all manner of other techniques have been used to penetrate the impenetrable.

Security in the cloud is as ethereal as the cloud itself -- just a wispy illusion in all too many cases.

Does this mean the end of the cloud as a concept?

Of course not. Even though hundreds of people are killed on our roads each day, most of us are still willing to accept the risk of driving - because we know the odds are low and the benefits far outweigh those risks - unless you're one of the unlucky ones.

The choice between using the cloud and using your own local storage and apps is one that can only be made after careful evaluation of all the factors involved. For many, the cloud will be the best choice. For others however, it might pay to keep your secrets a little closer to home.

I'd like to hear from readers... how much data do you commit to the cloud and how much do you keep only on your own computer? And, what measures do you take to protect your most sensitive data?

Please visit the sponsor!

Have your say on this...

PERMALINK to this column

Oh, and don't forget today's sci/tech news headlines

Rank This Aardvark Page

Change Font