Why I don't trust The Cloud

MCN · Super Spammer Joined: 22 Jul 2015 Karma :

https://techcrunch.com/2023/04/13/hackers-claim-vast-access-to-western-digital-systems/

Western Digital hacked

The company has shut down all profile access and e-sales until later this month.

I have nothing uploaded to online storage, precisely for this reason.
____________________
Disclaimer: The comments above may be predicted text and not necessarily the opinion of MCN.

MarJay · But it's British! Joined: 15 Sep 2003 Karma :

I mean... have stuff uploaded to cloud storage, just not stuff that is personal, compromising, financial or what have you.
____________________
British beauty: Triumph Street Triple R; Loony stroker: KR1S; Track fun: GSXR750 L1; Commuter Missile: GSX-S1000F
Remember kids, bikes aren't like lego. You can't easily take a part from one bike and then fit it to another.

Robby · Dirty Old Man Joined: 16 May 2002 Karma :

I've been working in the industry for a good few years. Until now, I didn't even know that western digital had a cloud offering.

In general, a cloud provider is much better at securing your data than you are, and far better at preventing data loss from a knackered hard drive. The problem is that when they fundamentally fuck up, an awful lot of people are affected.

If you don't trust their security but want a backup, just encrypt your files before uploading them. You can do it easily and for free with 7-zip.

Easy-X · Super Spammer Joined: 08 Mar 2019 Karma :

xX-Alex-Xx · World Chat Champion Joined: 12 Sep 2019 Karma :

WD security has always been a bit.. lacking. Their consumer stuff has had multiple vulnerabilities over the last few years…

https://www.techradar.com/news/wd-my-cloud-nas-boxes-found-to-be-vulnerable-to-online-hacks

Cloud storage from a competent supplier will be massively more secure than what a typical person at home could provide. Just make sure you chose a service with encryption at rest, ideally with a customer managed key that only you have.
____________________
DILLIGAF

dave001 · Banned Joined: 22 Nov 2022 Karma :

I would never use a cloud server for anything i cared about.

eather it on my server encrypted or it will be on my own off line storage.

most dont take privacy or security serously

dave001 · Banned Joined: 22 Nov 2022 Karma :

doggone · World Chat Champion Joined: 20 May 2004 Karma :

I found it amusing they sent emails out saying beware of emails from them.

Robby · Dirty Old Man Joined: 16 May 2002 Karma :

MCN · Super Spammer Joined: 22 Jul 2015 Karma :

My beef with cloud is also a network access issue.
I don't always have Internet for weeks at a time.
So manage with sticks and ssd drives.
Sandisc had some apps on one of the sticks that could crash through the work's security system and break out into the www. Freedom. The work blocked all social media and personal email. So it was a nightmare skyping home from brasil. Bastirts...
But the sandisc stick worked.
I don't know how.
We also had a guy wrote software to thwart the Great Wall of China. Not for sale, I gave sticks to his Chinese pals.
We do no know we are living in the west.

I will revisit my cloud aversion. Lots of good info here.
____________________
Disclaimer: The comments above may be predicted text and not necessarily the opinion of MCN.

Ayrton · World Chat Champion Joined: 02 Sep 2010 Karma :

MCN · Super Spammer Joined: 22 Jul 2015 Karma :

CaNsA · Super Spammer Joined: 02 Jan 2008 Karma :

Robby · Dirty Old Man Joined: 16 May 2002 Karma :

Onedrive is data storage in the cloud. Typically it backs up a folder on your machine, like "my documents", into the microsoft cloud. It keeps the cloud version current with your local version when you're online.

Your password manager likely also backs up in the cloud too, if you're using the default google or microsoft one, or something like lastpass or 1password. If you are, it's important to have a strong, and most importantly unique, password for that account. If it's all hanging off your google account, and your google account password is kittens, you're wide open.

So there's two pretty fundamental ways you may already be storing important data in the cloud without noticing.

Finally, the app on your memory stick is probably a virtual private network, or VPN. It creates a nice encrypted pipe between your computer and an endpoint somewhere far away on the internet. Your company can't block websites, because they can't look inside the pipe. They could (and should) block VPNs though.

MCN · Super Spammer Joined: 22 Jul 2015 Karma :

Robby · Dirty Old Man Joined: 16 May 2002 Karma :

My stock advice then for people who don't want to learn all this shit, and just want it to work.

Use a password manager. Let the password manager create and store your passwords. This means you never re-use a password.*

Have a strong password for your password manager, and for your microsoft and/or google accounts. They may also be doing password manager stuff for you, or even storing the master password for your other password manager. It's hard to avoid doing this.

Your 3 master passwords (password manager, google, microsoft) do not need to be impossible to remember. You're avoiding them being easily brute forced, or guessed by someone that knows you. The attacker probably only has a handful of attempts before lockout anyway. So don't go locking yourself out of your own accounts over a password you can't remember. It's also OK to write it down and keep that piece of paper somewhere safe - no-one is breaking into your house to find your password.

*re-use the biggest problem. If your google account is the same as your BCF password, and someone extracts that password from BCF, they have your google password.

Apart from that, leave auto-update turned on for everything.

panrider_uk · World Chat Champion Joined: 23 Sep 2007 Karma :

Why would you trust a password manager not to send your passwords "back home"?
____________________
Current bike: Honda ST1100

Fat Angry Scotsman · World Chat Champion Joined: 12 Jan 2021 Karma :

Robby · Dirty Old Man Joined: 16 May 2002 Karma :

P. · Red Rocket Joined: 14 Feb 2008 Karma :

Amazed peope use those "hosted" NAS devices like my cloud... its made by engineers to put a fluffy front end on for Doris at home, security may have been involved at one point, but you can bet your arse after v1.0, they didn't get another look in Laughing

I don't have a cloud based pw manager, only because I've always used KeePass and whilst some of my passwords are for things that no longer exist, its been in use by me for 11 years.

I don't like change and I don't like trusting someone else with my stuff, but its a see-saw for me, as Robby says, the bank has my money, I trust they won't fuck it up... but thats a requirement for me to live, have some form of credit, a way to pay all my bills.

Passwords, meh, for the important stuff its not just me that holds the password. Non-important stuff, I can work around that later on.

And again, with the trust thing as Robby mentioned, most nerds are looking for this naughty naughty, like Eufy... I know a lot of people used them, I know a lot have now removed them.

https://www.cnet.com/home/security/eufy-cameras-caught-sending-local-only-data-to-cloud-servers/

Trust is a big thing.

Robby · Dirty Old Man Joined: 16 May 2002 Karma :

There is also a lot of knee jerk hysteria, which is what started this thread. Western digital had a hack, therefore all of cloud is bad.

That's the equivalent of VW doing a recall, so no more cars for anyone.

Islander · World Chat Champion Joined: 05 Aug 2012 Karma :

Islander · World Chat Champion Joined: 05 Aug 2012 Karma :

Islander · World Chat Champion Joined: 05 Aug 2012 Karma :

Islander · World Chat Champion Joined: 05 Aug 2012 Karma :