Linux Format forums Forum Index Linux Format forums
Help, discussion, magazine feedback and more
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The cloud, an easy way out? Maybe, or not...
Goto page 1, 2  Next
 
Post new topic   Reply to topic    Linux Format forums Forum Index -> Discussion
View previous topic :: View next topic  
Author Message
Dutch_Master
LXF regular


Joined: Tue Mar 27, 2007 2:49 am
Posts: 2438

PostPosted: Tue May 28, 2013 12:18 am    Post subject: The cloud, an easy way out? Maybe, or not... Reply with quote

This is why you should NOT rely on the cloud:
http://www.youtube.com/watch?v=okhfDsKmAoY

A KRO (Dutch TV) network investigation...
Back to top
View user's profile Send private message
guy
LXF regular


Joined: Thu Apr 07, 2005 1:07 pm
Posts: 1071
Location: Worcestershire

PostPosted: Tue May 28, 2013 11:07 am    Post subject: Reply with quote

Any chance of a summary? I don't have audio on my PC.
_________________
Cheers,
Guy
The eternal help vampire
Back to top
View user's profile Send private message
towy71
Moderator


Joined: Wed Apr 06, 2005 3:11 pm
Posts: 4262
Location: wild West Wales

PostPosted: Tue May 28, 2013 11:23 am    Post subject: Reply with quote

The "about" below the video has
Quote:
IT companies are failing to secure devices connected to the internet, leaving them open to hackers. This shocking report reveals how anything from your pins to your passport could now be accessed online.

"Is this your pin? Is this a letter you received from your bank? Do you have a HP e-Print scanner?" The young man answers yes to every question, stunned that all of his information was accessible on the internet for anyone who wanted to see it. And he's not alone: the wealth of information available is staggering. From shop owners whose security cameras can be watched and controlled remotely, to medical records and confidential documents for international companies like Unilever, Orange and KLM, it's a bonanza for any would-be hackers. While it would be simple for the IT firms who provide printers, scanners and software to make the system more secure, they don't see it as their problem and argue that attending to basic safety protocols is a bit of a marketing nightmare. "There are people who know all about how this works, security-wise, but it's too much trouble to explain all that." One company went so far as to call consumers who didn't know they had to change their passwords "idiots". As the rate of technological change continues at a frightening pace, do technology companies have a duty to prevent our privacy being eroded?

_________________
still looking for that door into summer
Back to top
View user's profile Send private message
towy71
Moderator


Joined: Wed Apr 06, 2005 3:11 pm
Posts: 4262
Location: wild West Wales

PostPosted: Tue May 28, 2013 12:01 pm    Post subject: Reply with quote

In essence network enabled devices are by default not secure coming with security disabled or with standard login and passwords; in my experience most routers were similarly insecure but I'm not sure that is any longer true.

Mostly it says that your average punter does not look out for themselves very well Rolling Eyes
_________________
still looking for that door into summer
Back to top
View user's profile Send private message
wyliecoyoteuk
LXF regular


Joined: Sun Apr 10, 2005 11:41 pm
Posts: 3452
Location: Birmingham, UK

PostPosted: Tue May 28, 2013 12:34 pm    Post subject: Reply with quote

Larger MFDs, (printer/copier/scanners) are more secure these days, Most now encrypt their hard drives by default.

Routers are getting a little more proactive, tending to use the serial number as a default password, which means you at least need physical access to find it out.

I frequently tell customers to change the default password on MFDs, but I am often ignored.
I also set an invalid gateway address, unless there is internal routing, or the device needs internet access for scan to email etc.

I remember years ago, when connected devices were quite new, I did a search for "network printer" and three Canon printers in the University of Edinburgh were in the top ten results, I was able to log in to their web page and check their settings!
_________________
The sig between the asterisks is so cool that only REALLY COOL people can even see it!

*************** ************
Back to top
View user's profile Send private message
guy
LXF regular


Joined: Thu Apr 07, 2005 1:07 pm
Posts: 1071
Location: Worcestershire

PostPosted: Tue May 28, 2013 10:32 pm    Post subject: Reply with quote

Oh, thanks, yes I knew all that. But what has it to do with the cloud?

That is migrating fast to software defined networking, which tends to be a bit more secure. Also, cloud companies tend to take their system security a little more seriously than the average home printer buyer.
_________________
Cheers,
Guy
The eternal help vampire
Back to top
View user's profile Send private message
towy71
Moderator


Joined: Wed Apr 06, 2005 3:11 pm
Posts: 4262
Location: wild West Wales

PostPosted: Tue May 28, 2013 10:37 pm    Post subject: Reply with quote

guy wrote:
Oh, thanks, yes I knew all that. But what has it to do with the cloud?

That is migrating fast to software defined networking, which tends to be a bit more secure. Also, cloud companies tend to take their system security a little more seriously than the average home printer buyer.
The film dealt with an Iomega NAS that came with security disabled out of the box allowing the Dutch investigators to access medical and financial records, Schipol security measures etc.etc Rolling Eyes

a lot of it was subtitled too Wink
_________________
still looking for that door into summer
Back to top
View user's profile Send private message
guy
LXF regular


Joined: Thu Apr 07, 2005 1:07 pm
Posts: 1071
Location: Worcestershire

PostPosted: Wed May 29, 2013 10:32 am    Post subject: Reply with quote

towy71 wrote:
guy wrote:
Oh, thanks, yes I knew all that. But what has it to do with the cloud?

That is migrating fast to software defined networking, which tends to be a bit more secure. Also, cloud companies tend to take their system security a little more seriously than the average home printer buyer.
The film dealt with an Iomega NAS that came with security disabled out of the box allowing the Dutch investigators to access medical and financial records, Schipol security measures etc.etc Rolling Eyes

So, does cloud technology necessarily require NAS devices? Is that particular NAS device a popular hardware item with cloud storage service providers? Just because you have a rack of NAS devices doesn't necessarily mean you have installed a cloud on them.
_________________
Cheers,
Guy
The eternal help vampire
Back to top
View user's profile Send private message
Ram
LXF regular


Joined: Thu Apr 07, 2005 10:44 pm
Posts: 1674
Location: Guisborough

PostPosted: Wed May 29, 2013 12:52 pm    Post subject: Reply with quote

guy wrote:
towy71 wrote:
guy wrote:
Oh, thanks, yes I knew all that. But what has it to do with the cloud?

That is migrating fast to software defined networking, which tends to be a bit more secure. Also, cloud companies tend to take their system security a little more seriously than the average home printer buyer.
The film dealt with an Iomega NAS that came with security disabled out of the box allowing the Dutch investigators to access medical and financial records, Schipol security measures etc.etc Rolling Eyes

So, does cloud technology necessarily require NAS devices? Is that particular NAS device a popular hardware item with cloud storage service providers? Just because you have a rack of NAS devices doesn't necessarily mean you have installed a cloud on them.


It is referring to personal NAS storage that is open to the internet like a Imoga NAS, which are open by default.
_________________

lubuntu LXDE 13.10 running on AMD Phenom II*4; ASUS Crosshair III Formula MB; 4 GB Ram.....
Back to top
View user's profile Send private message MSN Messenger
guy
LXF regular


Joined: Thu Apr 07, 2005 1:07 pm
Posts: 1071
Location: Worcestershire

PostPosted: Wed May 29, 2013 2:01 pm    Post subject: Reply with quote

So, noting to do with the cloud then. In fact quite the opposite.

Dutch_Master wrote:
This is why you should NOT rely on the cloud:


I think you mean, "This is why you SHOULD rely on the cloud (and not your homespun NAS)"

Just wanted to be sure before I wrote that.
_________________
Cheers,
Guy
The eternal help vampire
Back to top
View user's profile Send private message
towy71
Moderator


Joined: Wed Apr 06, 2005 3:11 pm
Posts: 4262
Location: wild West Wales

PostPosted: Wed May 29, 2013 2:53 pm    Post subject: Reply with quote

guy wrote:
So, noting to do with the cloud then. In fact quite the opposite.

Dutch_Master wrote:
This is why you should NOT rely on the cloud:


I think you mean, "This is why you SHOULD rely on the cloud (and not your homespun NAS)"

Just wanted to be sure before I wrote that.
I think DM is a bit clouded out Rolling Eyes
_________________
still looking for that door into summer
Back to top
View user's profile Send private message
Ram
LXF regular


Joined: Thu Apr 07, 2005 10:44 pm
Posts: 1674
Location: Guisborough

PostPosted: Wed May 29, 2013 3:07 pm    Post subject: Reply with quote

guy wrote:
So, noting to do with the cloud then. In fact quite the opposite.

Dutch_Master wrote:
This is why you should NOT rely on the cloud:


I think you mean, "This is why you SHOULD rely on the cloud (and not your homespun NAS)"

Just wanted to be sure before I wrote that.


No its not home sprung, it bought NASes for home use that have been configured incorrectly... said NAS then used to store important data beit personal or home workers storing company stuff.

Same goes for MFD printers, open to the cloud again through bad configuration - some you can't set passwords on. So if you have the cloud services enabled left documents in the scanner can be access and printed by the hacker at their location. As demo'd in the video.

Both of these devices can be found in the home as well as businesses

Then there's the web/cctv cameras
_________________

lubuntu LXDE 13.10 running on AMD Phenom II*4; ASUS Crosshair III Formula MB; 4 GB Ram.....
Back to top
View user's profile Send private message MSN Messenger
guy
LXF regular


Joined: Thu Apr 07, 2005 1:07 pm
Posts: 1071
Location: Worcestershire

PostPosted: Wed May 29, 2013 4:45 pm    Post subject: Reply with quote

Um.

Well, by homespun I mean you went out and bought a NAS and plugged it into your home network and maybe tinkered or maybe not.

You talk about "open to the cloud" and "cloud services enabled". With what meaning do you use the word "cloud"? I know a little about cloud storage, cloud computing and cloud services (as services architected on computer clouds) and none of those seems to be what you mean. Do you just mean "the whole darn Internet"? I'd certainly agree you shouldn't rely on that!
_________________
Cheers,
Guy
The eternal help vampire
Back to top
View user's profile Send private message
Ram
LXF regular


Joined: Thu Apr 07, 2005 10:44 pm
Posts: 1674
Location: Guisborough

PostPosted: Wed May 29, 2013 8:59 pm    Post subject: Reply with quote

Home sprung, I took to mean home built, old server and a couple of disks.

My NAS does have what the vendor calls personal cloud, in theory can be accessed from anywhere in the world.

My printer gives me the facility to print from anywhere I can get an internet connection that goes through the vendors cloud once setup - it's turned off.

Cloud is a buzz word for the internet as far as I'm concerned. Cloud storage is dropbox, Ubuntu one etc.
_________________

lubuntu LXDE 13.10 running on AMD Phenom II*4; ASUS Crosshair III Formula MB; 4 GB Ram.....
Back to top
View user's profile Send private message MSN Messenger
guy
LXF regular


Joined: Thu Apr 07, 2005 1:07 pm
Posts: 1071
Location: Worcestershire

PostPosted: Thu May 30, 2013 11:53 am    Post subject: Reply with quote

Ram wrote:
Cloud is a buzz word for the internet as far as I'm concerned.

Ah, that explains a lot. Some of us old pro's adopted the word to describe a networked system architecture where the software platforms are independent of the underlying hardware. Virtualization is a key ingredient, with software defined networking (think of it as virtual networks) fast becoming equally essential.

Most of the Internet is not at all like that - at least, not yet. For example, note how some long-established Internet companies like Amazon and Google are getting very excited about the cloud revolution. One can hardly maintain that the revolutionary new thing, the cloud, is the same as the clunky old thing, the Internet.

If I saw a NAS with "cloud" in its sales blurb, I would expect specifically that I could create distinct storage areas for different users and expand these by striping across additional NAS units as capacity requirements rose, in other words the client-visible storage space is wholly independent of the individual hardware units. Furthermore, I would expect it to be a lot smarter, more automated and inherently secure than the old logical volume management (LVM). If your NAS doesn't do all that, then IMHO it does not offer a "personal cloud". And if it does but you aren't using it that way, then you are still not using the cloud, never mind relying on it.

Similarly if a printer offers "cloud services" I would expect that to mean that it will communicate seamlessly with and print directly from say my Google Drive using Google Cloud Print (see for example Google's current list of cloud-ready printers). I would not regard printing say a Google Map from my web browser as meeting that definition.

Ask the manufacturer and they will probably say that their device should be placed behind a properly-configured firewall - it's just that all too many folks, home users and corporate sysadmins alike, don't think about network security. If your firewall is indeed letting through spoof cloud services, just think what else it has been letting through all these years....

Buzz, grumble, rumble....
_________________
Cheers,
Guy
The eternal help vampire
Back to top
View user's profile Send private message
View previous topic :: View next topic  
Display posts from previous:   
Post new topic   Reply to topic    Linux Format forums Forum Index -> Discussion All times are GMT
Goto page 1, 2  Next
Page 1 of 2

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Linux Format forums topic RSS feed 


Powered by phpBB © 2001, 2005 phpBB Group


Copyright 2011 Future Publishing, all rights reserved.


Web hosting by UKFast