Password 101: how to suck at security.

(Totally not a satire post…. Totally…)

1. Always use a simple password.
2. Always write it down.
3. Always use the same password for everything.
4. Never change your password.

Life Without Dropbox

A few months ago, I decided it was time to do a fresh reinstall of Xubuntu 12.04 LTS on my system. In the past I had made the mistake of making system changes and installing software without testing the results in a VM first. This time would be a clean install, kept as bare-bones and optimized as possible. Only tools that I use or need would be included, and to establish need, I would install a tool or application on the main system only after I had first had to boot a VM and install it there. If I had to boot the VM once or more a day for it, then I would install the application on my main system. So far, two months have gone by, and I have yet to even install Dropbox in my VM.

Dropbox has its place, but for me, it seems to be more of a headache than it is worth. I like to be in possession of my data. I have more than enough space on USB keys and removable hard drives to keep my data mobile. Dropbox has been hacked a few times this year, and it just doesn’t hold the wow-factor it once did for me.

Cloud storage has been around for many years, but it got re-branded as something special. I have used FTP servers since the 90’s, and I run my own FTP server at home on a random port with dynamic DNS, and I watch my logs. I prefer to be the one who holds the keys to my data, and it is known that law enforcement has previously gained access to the contents of Dropbox accounts. I hate the argument “If you have nothing to hide, then there is no problem who watches” because it inherently means we are all untrustworthy. In this country, you are supposed to be assumed innocent until PROVEN guilty, and it seems that companies would rather bow to law enforcement than fight for their customers.

I would rather give up instant synchronization of my data across all my computers and carry a USB key or two than have to worry about hackers or law enforcement gaining access to it.

I simply want to make this argument as food for thought. Do you REALLY need instant access to your data over the net, or is it something that can reside on your local storage?

To Cloud or not to Cloud? That is the question.

So today I read a nice little article about Dropbox being hacked again. They claim it was because of a third-party leak that hackers were able to use email/password combinations to access some Dropbox accounts, and an employee account that contained user information. In the interest of full disclosure, I’ll admit I have some Dropbox accounts, but unlike the average user, I encrypt anything I put in mine myself, AND I never put anything confidential or sensitive inside my cloud account.
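Encrypting a file on your own machine before it ever lands in a sync folder, as described above, means the provider (or anyone who compromises it, or is handed it) holds only ciphertext. The following is an added example, not code from the original post: AES-256-GCM sealing with a key that is generated and kept locally; the sample file contents are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Sealed layout: nonce || ciphertext || GCM tag. Only this blob goes into the sync folder; the key stays local.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts and authenticates plaintext under a fresh random nonce per file.
func Seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil // nonce prefix, then ciphertext+tag
}

// Open checks the tag before decrypting: a flipped byte, truncation or a wrong key is an error, not garbage.
func Open(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize()+gcm.Overhead() {
		return nil, fmt.Errorf("sealed blob too short (%d bytes)", len(sealed))
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

func main() {
	key := make([]byte, 32) // 256-bit key, generated here and never uploaded
	rand.Read(key)
	sealed, _ := Seal(key, []byte("constructed sample: contents of notes.txt"))
	plain, err := Open(key, sealed)
	fmt.Printf("%d sealed bytes, ok=%v, plaintext=%q\n", len(sealed), err == nil, plain)
}
```

Losing the key means losing the files, so the key needs its own offline backup (the USB keys mentioned above would do).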

Today’s news, however, makes me question even using the service at all. I have closed some of my non-essential accounts, and I am debating stopping use of the service altogether. Because of my job I have access to people much smarter than I am, including some in law enforcement. A police forensic investigator let my department know that, of all the cloud solutions out there, iCloud is currently the only one he would use, because they WILL NOT give up user data to anyone, while literally all the others will.

It scares me how quickly the companies we trust with our information are willing to fold on us. The question that leaves us with is: is it even worth using cloud storage services at all? Let’s take a look at some of the basics of what it really means. With cloud-based storage solutions, you are trusting your data to a third party, and in many cases they retain ownership rights to that data (read the End User License Agreement). This means that if you use it for work, any work-related documents or information have just left your company’s control, which could be grounds for termination at many companies. If you use it for personal purposes, even if you delete the files in your account, they will still have copies of those files and will be able to read and use them as they see fit. I know many of the cloud providers state they will not use your data, but they still have the ability to. Often your connection information can also be recovered from your account if it is compromised: your computer names, your IP addresses, and the types of devices you use can all be of benefit to hackers and blackhats.

Many companies have policies against using Dropbox and other cloud services for security reasons, and that is of interest to me. Companies often overreact to technology, but this policy is not rare, and when you read some of the license agreements you understand why. I have no trust in third-party services; I use them, but cautiously. My important data stays with me at all times, no exceptions.

I guess what I’m really trying to say with this post is be careful who and what you trust.