Cyberfreek on Twitter  

   

CyberFreek Follows:  

   

When the idea of Cloud Storage was first introduced, I immediately cringed and looked into it.   IN it's infancy, Cloud Storage was a real hot commodity but was not delivering the levels of security an in-house IT department could.  In time, levels of encryption were introduced and this seemed to make Cloud Storage more enticing.  However there is always one question that could not be answered.  Who holds the keys to the encryption of data in the cloud?  The provider in most to all instances, holds the encryption keys.

So lets see, you have the keys and my data sitting on your infrastructure in the cloud, what sort of guarantee do I have that someone there at your organization or external entity can't steal the keys or be looking at or stealing my data?  It's always been an issue of trust.  Is it cheaper to store petabytes in the cloud than internal to your organization?  In a more secure environment than at a vendors site?

hmm...

Ok, now add in this article concerning that the NSA has been looking at your data in the Cloud. (Read Article Here)

Answer me this oh pundits of Cloud Computing, where is the security and trust that my data is safe in the cloud ?   We can argue the pros and cons of allowing the Government to look at our data, but even the Gov has been proven to be insecure.  They STILL are arguing the up and downsides of Cyber Security, for what now? 6 or 8 years now ?  So the GOV aka through the NSA has opened the vaults.   Can anyone see the REAL Cloud Bursting effect that this will have ?  If trade secrets are placed in encrypted vaults within the cloud and the NSA has full access to these vaults, WHO ELSE has access to these secrets ?   Do you really think that the NSA or any branch of the GOV is secure?

Rude awakening time coming.   I've been saying for years that Cloud Computing is not safe and has serious downsides that everyone seems to be ignoring. Companies, Federal and State agencies have been flocking to "the cloud". I can't wait for the day, and it is coming, that the snake gets out of the bag and starts biting everyone who jumped onto the Cloud bandwagon.

Reading into this article, this is really nothing more than the "fox IS in the hen house" or the old childrens tale of "The Emporers New Clothes".  Welcome to the real world people. Your data data vaults are open and there is nothing you can do about it while you stay in the cloud.

 

Enjoy and please remember to compute safely.  Even though your storage doesn't !

 

 

 

 

Recently  I downloaded a free software package to convert video formats from one type to another.  The software cleared Malware and Anti-Virus scans and was labeled as clean.

The problem with the "clean status" is that the installed included a call off site to another package or included this seemingly benign software called StrongVault, which is supposed to be an off site "secure" storage facility.  It also installs something called SOSOnlineBackup.  Further investigation of this "StrongVault" found that it is deemed as a malware by Symantec and other companies.  It gathers information, keystrokes, print outs, tracks your web search and usage and stores other PII information not related to a "backup" or internet use.  It stores it awaiting instructions to upload to one of their servers.  There are about 5 to 10 different domains it sends it to, supposedly all related to "strongvault".

The software wraps itself around and injects itself into every software package located on your system.  If you open a Word Document, it saves this information. If you print to a printer, it asks for permission to the "StrongVault" cloud service.  If you print or save a document in PDF, it again asks for permission to the Cloud to be able to do this. Worst is that it also embeds itself into your browser.  So if you try and remove this, it may cause system errors with your browser of choice.  What it embeds is a virus or redirect called Delta-Search.  This can be a rather vile piece of software aimed at controlling your browser and downloadable content.

Bottom line, it tries to overcome your system and control what you are doing, saving, printing, opening, viewing, etc.

It seems that there are a lot of individuals that incorporate this "StrongVault" software into their free packages, just like many of the "toolbar" packages do.

To remove the software, gets really interesting.  You have to uninstall the main components (in Windows) then walk through the registry to get all references to "strongvault" and "sosonlinebackup" removed from the registry.  You quickly find out that there are hundreds and hundreds of Registry entries for these packages.  Again, it tries to inject itself into EVERYTHING.

So word of caution, if you download a program form the Internet that is "free" or if it is a paid package and it includes this "StrongVault" software,  you just got had. Its a real pain to uninstall this.  I strongly suggest backing up your registry as well as doing a System restore Point prior to installing any new software.

Many of the Anti-Virus packages do not understand Malware. Malwarebytes Anti-Malware did not see this also because its embedded within the original software.  Nice stealthy way to infect a system, eh ?

This is one of a hundred other downsides to "cloud storage".  You have no idea what these people are doing with your information stored there. Is it encrypted ? who knows!  They say it is, but will never give you the information you need to prove or disprove their encryption.

 

For more reading  I suggest these links:

Norton/Symantec information

Additional Information from Tee Support

Firefox Information on this

Additional Information on the problems with StrongVault

Removing Delta-Search

Cloud Storage provider DropBox is still having various problems as related to Security.

In the latest issue, it seems that Passwords were optional for up to 4 hours.

the complete story is located here.

Interesting Article on "Why the DoD wants Cloud Computing".

This just scares me.  If we all rushed to the cloud and the cloud burst, what happens to our security?  What happens to those men and women in the military who's information just became wildly accessible to all ?

I sure hope that the DoD is on their own Cloud, away from my or anyone elses.  I really don;t want to read about any of this stuff down the road.

 

 

 

What is this new technology that everyone is racing to embrace?

Wikipedia has a good explanation:

Cloud computing refers to the provision of computational resources on demand via a computer network. Users or clients can submit a task, such as word processing, to the service provider, such as Google, without actually possessing the software or hardware. The consumer's computer may contain very little software or data (perhaps a minimal operating system and web browser only), serving as little more than a display terminal connected to the Internet. Since the cloud is the underlying delivery mechanism, cloud based applications and services may support any type of software application or service in use today.
 

Some references are made to "Software as a Service"  (SaaS)  to explain the Cloud.

NIST however states it this way:

The National Institute of Standards and Technology (NIST) provides a concise and specific definition:
 
Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.[1]

 

In plain terms, what does this mean?

Cloud Computing is nothing more than Outsourcing your IT needs to another.  Period, nothing more.

You can argue all you want on various terminologies, phrases and what this is.  But when push comes to shove, the term "The Cloud" is nothing more than a fancier term for outsourcing!

We look to outsourcing for programming, Web Hosting It Management, Security Management and a slew of other things.  Now we look to move parts of or a complete IT structure to Outsourcing.

What are the dangers?  Has anyone really honestly written an article on these issues?  I'll try to post some thoughts and point out some issues with this rush to the unknown.

Oh, and let it be known, I started using the term "Cloud Burst" as a way to describe the impending failure of "the Cloud", back in 2000 or as early as 1995.  It was my way of explaining in this new term what sooner or later will prove to be a tremendous mistake.

No I am not a fan of outsourcing. It takes a away jobs and introduces a great deal of unknown risks.  Some risks as so masked in rhetoric and sales pitches that to me, this is exactly the story of the Emperor's new Clothes by Hans Christian Anderson.

Gartner, tries to sum it up with 7 Cloud Computing Security Risks.  I believe there are a great deal more and we are not even going to talk about placing your Applications in the Cloud.  That subject is so deep that they still can't find the bottom of it.

For any Business,  Organization or Government Agency (Federal, State or Local), you had better do your homework on these risks. Learn to look past all of the hype and see the risks clear and precise.  If you do not, you are going to have something bite you so hard,  a Great White Shark is going to be jealous!

I guess the bottom line is how much savings do you create when you hand off your business, infrastructure and applications to an unknown entity?

Do the savings out weight the risks and damage from loss of business, reputation, data?

Steve

   

Advertisement

   
© Cyberfreek.com 1997-2020