[ale] So, is the (tech) world ending?
Beddingfield, Allen
allen at ua.edu
Wed Sep 18 11:47:11 EDT 2013
I think it largely depends on who you are worried about as being the "bad guy" at any particular time. For example, we know the U.S. government, as well as a few others, can walk in and take data as if we left the front door open for them. For the average e-commerce transaction, I think we can exclude them as a concern. If they want the credit card data, purchase history, personally identifiably info, etc...they have any number of easier ways to obtain the same information. That leaves the discussion of how broken is SSL for keeping out the average hacker wannabe or eastern European criminal organization?
The biggest concern for me in using "cloud" services is where the portion of the cloud housing my data is residing. I know that many cloud providers are hosting services in Germany, Holland, Sweden, and Russia. What you have to keep in mind in that case is that your virtual machines and data are subject to the laws of the country housing the datacenter. If you are doing something that the host country takes offense to, you could end up at minimum getting your data seized, and possibly running afoul of some law or laws that you were not even aware of. From what I understand, Germany in particular has some rather "different" laws around business practices, and they do have a history of seizing servers and data.
--
Allen Beddingfield
Systems Engineer
The University of Alabama
________________________________
From: ale-bounces at ale.org [ale-bounces at ale.org] on behalf of Michael B. Trausch [mbt at naunetcorp.com]
Sent: Wednesday, September 18, 2013 10:25 AM
To: Atlanta Linux Enthusiasts
Subject: [ale] So, is the (tech) world ending?
SSL is largely broken.
NSA can't be trusted. US Government even says so (see NIST).
The only PKI that is safe is unrooted PKI, but we already knew that.
What does the whole of the last month mean for e-commerce and secure business for all those people using cloud-centric services? It'd seem to me that the best thing to do is keep everything in-house and trust no root certificates, going back to the old method of certificate management.
— Mike
--
[Naunet Corporation Logo] Michael B. Trausch
President, Naunet Corporation
☎ (678) 287-0693 x130 or (855) NAUNET-1 x130
FAX: (678) 783-7843
-------------- next part --------------
A non-text attachment was scrubbed...
Name: diiiecab.png
Type: image/png
Size: 1701 bytes
Desc: diiiecab.png
URL: <http://mail.ale.org/pipermail/ale/attachments/20130918/52a8c2dd/attachment.png>
More information about the Ale
mailing list