Sigh... MS missing the point with Data Center security

Discussion in 'Windows 10' started by murphy78, Oct 23, 2014.

  1. murphy78

    murphy78 MDL DISM Enthusiast

    Nov 18, 2012
    7,389
    11,614
    240
  2. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    13,081
    13,980
    340
    Not to mention that cloud services are a no go generally.
    Thank god more and more are offering Network Attached Storage to set up a 'home cloud'...

    It is a market niche one could make money offering pre-configured easy to use NAS for a cloud@home.

    Why should there be a cloud somewhere where you don't know? There is no reasonable argument.
     
  3. murphy78

    murphy78 MDL DISM Enthusiast

    Nov 18, 2012
    7,389
    11,614
    240
    I think this is a big problem with trying to make it some institutional thing.
    Google Chrome is getting to be big enough that the cloud services could be targeted.
    We already know that like millions of username/pwd were taken from various companies.
    Is it so much of a stretch to think people won't apply some of those u/p to Chrome to see if they can download people's auto-fill/pw data?

    How many of us bookmark a website and then have the password stored on google's cloud server?

    Well this is essentially the same prospect with the OneDrive.
    If you know someone's ms-email u/p, how much of a stretch would it be to plug those into a VM and scan around Internet Explorer for password info?

    I know many sites that store your credit card info based on your username and password.

    This is a friggin recipe for disaster, Microsoft!
     
  4. arseny92

    arseny92 MDL Secret Weapon

    Sep 22, 2009
    570
    1,272
    30
    You can't do that, since to sync passwords, you need to first designate that system as a trusted device, verifying through your security proofs, at least two of which became required since not so long ago. Secondary email/verified phone for SMS/authenticator app
     
  5. pisthai

    pisthai Imperfect Human

    Jul 29, 2009
    7,221
    2,273
    240
    That has in reality to do with any OS and for sure not limited to Windows 10 or even only any Windows running computer! Although, Cloud computing isn't an invention from Microsoft!


    Encryption helps? To some extent for sure, but all! Still hackable in some means!


    What about NAS (Network Attached or Accessible Storage)? At most as good as the security of the network system used! 99.9999% of all network systems are connected to the Internet and accessible from it! How secure is that? In fact it is just as hackable as any Data Center or even more, depending on the structure of the installed security.


    All will come down to the same level: NOTHING is perfect! And in that it means: Secure! And how it could be perfect if those who invented, created, build and use that are NOT perfect?! Simply impossible!


    Only solution is never be connected to any Data-Network, not by wire, nor wireless!
     
  6. murphy78

    murphy78 MDL DISM Enthusiast

    Nov 18, 2012
    7,389
    11,614
    240
    Well at least they could have that going for them.
    You'd still have all your homemade porn available for everyone, but your passwords could be secure.
     
  7. murphy78

    murphy78 MDL DISM Enthusiast

    Nov 18, 2012
    7,389
    11,614
    240
    I'm all for them adding extra layers of security, but I have a sneaking suspicion that there will be backdoors built-in or there will be weak points in the security.
    If you were going to rob an armored car, would you just run up trying to shoot through the armor? Or would you wait till the guys got out and started carting the money back and forth.
    That's a terrible analogy, but it shows how people won't attack where things are strong. They go after the weakest links in the chain.

    In the case of the cloud, the weakest link in the chain is always the user's stupidity.
    They often use the same username/password for EVERYTHING.
    They only slightly get past this with the sms/2nd-email thing.
    Of course it wouldn't help much if the user used the same username/pw but just with a different service.
     
  8. Shadykillas

    Shadykillas MDL Junior Member

    Mar 30, 2011
    72
    13
    0
    I have and do use my Microsoft Account for many things. I also have an authenticator on my account with a mobile app so that it will ask with every sign in (on an untrusted device) for a code. This being said, Microsoft has you verify your account with a code (sent to a end e-mail or via SMS) to make a device trusted. The biggest backdoor that I have found is POP (it requires your password to be hacked and is disabled by default). This kind of access to your e-mail account doesn't require an authenticator and could be used to get a lot of info; while changing account info outright would not be possible, getting into other accounts, sending e-mail or many other things could be done. Accessing SkyDrive or other data stored with the account would still be out of the question, but there might be a way to backdoor the account or make a device trusted or remove the authenticator if they have e-mail access. I know that I have access attempts from China using POP on my account all the time. But as POP access is disabled I just laugh and go on my way.
     
  9. Hadron-Curious

    Hadron-Curious MDL Guru

    Jul 4, 2014
    3,730
    603
    120
    That e-mail account thing has been existing until this telemetry in Windows 10 came along. I think he is so much concerned about what Microsoft collated through the process than hackers possibly accessing and stealing your e-mail account information directly.
     
  10. bchat

    bchat MDL Smart Azz

    Nov 7, 2008
    1,722
    453
    60
    In the old west, outlaws used guns to rob money/gold from stage coaches.
    Today hackers use computers to rob data from servers.
    Same deal - different day.

    Good news, if you can find a stage coach, store your data there.
    Not one report of a "data heist" from a stage coach was ever filed.
    Thank you John Wayne.
     
  11. PaulDesmond

    PaulDesmond MDL Magnet

    Aug 6, 2009
    6,979
    7,149
    240
    :rofl: you made my day bud
     
  12. bchat

    bchat MDL Smart Azz

    Nov 7, 2008
    1,722
    453
    60
    You're welcome. POP (point of post) - the more things change, the more they stay the same - or - with each new "mouse" a new "cat" comes along.
     
  13. Shadykillas

    Shadykillas MDL Junior Member

    Mar 30, 2011
    72
    13
    0
    #14 Shadykillas, Oct 23, 2014
    Last edited: Oct 23, 2014
    Well it is true if you don't trust the cloud provider to handle your data internally the way you like it then you shouldn't use the provider (granted, with the Windows 10 Tech Preview you don't have a choice). If you are worried about your data being hacked from a provider such as Microsoft that I think (used and have researched for many of the clients I advise and service) has one of the most secure cloud infrastructures in the world, I personally would not lose any sleep over it. I know that Azure for example has a no-access policy where techs that work in the system do not have rights and are given them only on request for a specific task and then the rights are revoked after that task is complete (just an example). Now I'm not saying that anything is unhackable / crackable but I would trust the security provided by Microsoft from outside attacks to your data over 99% of what most people run onsite, and when you look and compare what they use and policies they have in place it's hard not to laugh at people that think their data is more secure onsite.
    Now what about privacy of the data you store with a cloud provider? That is a different issue and one that there is no good answer for. We have seen time and time again where government agencies have been calling for backdoors (now they are using the term front doors because it sounds less shady but it's still the same s**t!) in everything you could think of. Most tech companies have not been so forthcoming about their "fight" to protect your data from prying government eyes until Snowden, and if this was just a knee jerk reaction with an about face of stance on the matter or if it was revealing how they really felt and what they have been doing is really up to the user to decide. I do find it funny that many big tech companies, Microsoft, Google, etc. have made a lot of changes to protect data after Snowden when really they have to have known all along that these types of attacks were being carried out after their refusal to be so cooperative with the access demands for data.
    I for one am skeptically sipping the Kool-Aid so to speak. Do I fully trust any tech company to do their best to protect my data from unneeded government eyes? No I don't. But I do trust them to at least put forth some effort and for most of my work data I don't really care. For now I am giving them the benefit of the doubt but that could change.
     
  14. Hadron-Curious

    Hadron-Curious MDL Guru

    Jul 4, 2014
    3,730
    603
    120
    I couldn't have said it better. Arguably, Microsoft has a better security record than any other when it comes to hackers stealing people's information online. However, this is not so much about stealing as those who are against the collation of information from their systems cited how such information can be shared with third party like the government on compulsion. Based on that single evidence, after seeing what Edward Snowden revealed concerning how tech giants are colluding with NSA or battling their way to keep to their terms with consumers' information, it becomes clear the reason people are so much skeptical concerning this telemetry thing or cloud system. Despite the talk on cloud security, which I think is a rabble-rouser, there is nobody who is able to point out where the Redmond tech giant has given their information out to a third party or hacked rather than some speculations.

    Indeed, I would be interested to see proofs on this overrated idea of Microsoft using Windows 10 Technical Preview as a means to collect people's data and provide them to a third party without following rules.

    There is no complete trust in tech companies as you rightly say. But, the notion that for some speculations we all have to cry over collected information to set the records straight on providing better Windows experience to consumers is utterly absurd.
     
  15. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    13,081
    13,980
    340
    To me the primary problem is the trend to move from local storage to cloud services.
    Security is second.
    And it is not M$ alone, it is a general trend coming from the 3 US IT giants.
    When you switch on an Android device you have to go through a general setup, language, Wi-Fi and so on but it also nags with setting up cloud service related functions, which are usually enabled per default. It starts with sync of address book, backup / restore services.

    I DON’T want your help, Google, M$ and Apple. If my phone’s SD becomes corrupted and I haven’t made my own local backup it is my problem.
    And I also don’t need your help to recover my account’s passwords / my address book / app settings.

    All those 3 companies are offering such services to gain own control, not to do a favor for the end users.
    And security is and was always a matter since we have the internet. It is no technical matter, the point is that these companies are not really interested to offer best security measures that are available. On the contrary, they share the way to decrypt the data with the NSA; in return they get political and judicial benefits through the govt.
     
  16. murphy78

    murphy78 MDL DISM Enthusiast

    Nov 18, 2012
    7,389
    11,614
    240
    That's a good point Yen. I didn't think of it in terms of them wanting to control the customers by making them dependent on the cloud.

    Even now, people who don't pay for a TV service such as cable, direct-tv, or fiber are known as cord cutters; implying that they are quitting cold turkey to an addiction.

    I wonder if they are aiming to foster a dependence.
     
  17. T-S

    T-S MDL Guru

    Dec 14, 2012
    3,984
    1,331
    120
    Putting the data back to the big storage centers is something like the coming of Napoleon after the French revolution.

    Personal IT is/was a revolution because, well... because it's PERSONAL, cloud services are just a big step backward for the whole mankind.
     
  18. Hadron-Curious

    Hadron-Curious MDL Guru

    Jul 4, 2014
    3,730
    603
    120
    Is the cloud so much different from social media while looking at it from information storage perspective?
     
  19. murphy78

    murphy78 MDL DISM Enthusiast

    Nov 18, 2012
    7,389
    11,614
    240
    Yes, but not in the way you probably think.
    A cloud is a policy-based implementation where certain data is getting uploaded by policy settings automatically.

    It differs from Social Media in that the user, most of the time, has to select what they wish to share.
    There are nefarious sites that automatically "like" something or try to manipulate the user to gain popularity, and in turn, advertising revenue.

    There just aren't a whole lot of controls for clouds and they are very insecure.
    You could put the best locks on all the doors and all the security implementation in place, but what's to stop someone like Snowden, who works at the company, from taking all the data and sharing it against your permission?

    It's essentially like putting your car in a storage lot and trusting that nobody will steal it.
    It only makes you feel a little better that there's a security guard. Someone can still take your car if they know what they're doing.