Cloud Storage – Great Idea or Security Risk?

This guest post is contributed by my Aussie mate, Jim Hillier. Jim is the resident freeware aficionado at Dave’s Computer Tips. A computer veteran with 30+ years experience who first started writing about computers and tech back in the days when freeware was actually free. His first computer was a TRS-80 in the 1980s, he progressed through the Commodore series of computers before moving to PCs in the 1990s. Now retired (aka an old geezer), Jim retains his passion for all things tech and still enjoys building and repairing computers for a select clientele… as well as writing for DCT, of course.

---

“On no, we’ve lost all of little Johnny’s birthday snaps”, the woman cries as she holds her smashed smartphone aloft. With a knowing smile, her husband responds, “Don’t fret dear, they’re all in the cloud”. All is well, peace and harmony reign again.

Even less than a decade ago, any mention of “cloud storage” or “data in the cloud” would have almost certainly elicited a puzzled response. Today though, I’d imagine just about everyone would be familiar with the concept. “The cloud”, it’s a rather exotic term which simply means your data is uploaded to and stored on somebody else’s server, essentially on an internet connected hard disk owned and operated by the cloud service provider.

There is no doubt that the advantage of being able to access data from anywhere on any device creates a massive appeal factor, especially for multiple device users. Not to mention the automatic backup element which is clearly demonstrated in the opening paragraph.

It all sounds like a great idea, that is until you start considering what might and can go wrong. Of course, cloud storage providers take the utmost care with your data, at least according to them. They apply top notch security measures including encrypted data transfers. Trouble is, the encryption key is also stored on their machines, which means any of their staff can access those files as can any hacker who manages to break into the system.

I realize every method is susceptible to hackers, whether the data is stored locally or in the cloud. However, which do you think would represent the most desirable target – a local disk containing only your own personal data or a mega database containing data uploaded from thousands (if not millions) of users, all in one place?

Another concern involves the future viability of a chosen cloud storage provider – just ask those who entrusted their data to Kim Dotcom’s Megaupload. What happens to your data if the company is sold, goes bankrupt, or just closes down? Then there’s the scenario where cloud storage providers can simply change the terms of their plans, exactly as Microsoft did recently when the company drastically reduced the amount of data storage available under its free OneDrive plan.

I guess though, when it comes to data in the cloud, the greatest concern for most people is privacy. While Microsoft OneDrive openly scans all your files – for illegal content of course, most providers will collect data to share with “trusted third parties”. Naturally, many of these providers need to process sensitive information, such as your name, email address, phone number, credit card details and mailing address, in order to “improve their services”. And Santa Claus visits once a year around Christmas.

Despite the cynicism, I do believe that cloud storage can be decidedly useful and I’m certainly not dismissing the practice out of hand. However, as is the case with many situations… everything within reason.

I would not, for example, store any sensitive data in the cloud, whether encrypted locally beforehand or not. Family photos, life-memories, items which are valuable only to the user and serve no purpose for anyone else… sure, no problem.

Regardless, the important thing to remember is that any backup is preferable to no backup at all. If you don’t fancy storing your data in the cloud, dust off that external drive and use that instead. Works for me.

Cloud Computing: Easy Target for Cyber Criminals?

Guest writer Paul E. Lubic, Jr., has some definite ideas on the US government’s decision to employ Google’s cloud based computing model. Paul explains why, in his view, this risky venture will play into the hands of cyber criminals.

Here’s Paul’s report:

The use of cloud computing by organizations to rent office productivity applications such as word processing, databases, spreadsheets, and presentations is less expensive than the current method of purchasing application packages/licenses.

However, any money saved by renting cloud-based applications rather than purchasing applications for use on local servers will, in my opinion, be lost and more, because of a much higher probability of having the data stored in the cloud hacked and stolen.

This opinion is based on the fact that the documents stored in the cloud are, for all intents and purposes, stored in one virtual location that is a big fat target for cyber criminals.

Consider that with the current method of using office productivity tools to create and store an organization’s documents, they’re stored on various servers owned by the organization.

Depending on the size of the organization, these documents will be spread across many different servers and storage devices, possibly on a common network. The advantage in protecting the data is that a cyber criminal will have a more difficult time gaining access to the many locations than if there were only one location to attack.

Here’s the really scary part. The US Government has recently awarded Google a security clearance for their cloud computing applications; indicating that they are clearing the way to begin using cloud computing, states a recent Los Angeles Times article: Google, Good enough for government work.

This is the same government that this past year was the victim of advanced persistent threat attacks that resulted in the loss of extremely sensitive national security-related data across numerous agencies.

Since cloud computing-based applications are also vulnerable to advanced persistent threat attacks…it seems to me we’ve just made the cyber criminals’ job a lot easier because once the crooks have gained access to one agency’s cloud-based applications, a huge advantage in itself, they’re smart enough to be able to access those of other agencies as well. Yep, one big fat target; the bad guys are salivating on their tee shirts as we speak.

Advanced Persistent Threat: Targeting an organization’s specific individuals who have elevated access in order to gain long-term, clandestine entry to applications and data.

If you’re wondering why the US Government would allow this to happen in the first place…I can hear the bureaucrats [defined: an official who works by fixed routine without exercising intelligent judgment] saying “We changed to cloud computing because it saved us lots of money. We didn’t know it was unsafe.” ‘Nuff said…they’re gonna to do it.

Let Paul know your opinion on this issue by commenting on this article; we all learn from each other when our views and opinions are shared.

Guest writer Paul E. Lubic, Jr. is a long time IT professional who has held the positions of programmer, IT Security Manager and Chief Information Officer.  His interests lie in the IT security area, but he writes on all categories of technology.

Paul is a mature and seasoned writer, with a rare ability to break down complex issues into an easy to understand format. Check him out at his Blog – Paul’s Home Computing.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Gmail Service Center and PayPal Spam Scams Are Back!

The old “Due to the congestion in all Gmail users and removal of all unused Gmail Accounts” scam, is making a reappearance. This scam has been around for years, and every so often it makes its way back.

This occasional reappearance tells me one thing – this scam pays off for the cyber-criminals who are behind it. Since new users are continuously signing on to the Internet, they are essentially a new crop of potential victims.

To an inexperienced user, this could look like an official email, and the enclosed link makes it simple to get this problem solved with just a mouse click. What could be easier than that?

If you receive an email that is supposedly from “Gmail Service Centers”, and it addresses you in any way other than your name (Dear Valued Member, for example), it’s a scam. Google is not likely to forget your name, right?

At one and the same time, the following email purportedly from PayPal, is making the rounds once again. Similar to the Gmail scam it opens with a generic salutation – in this case,  “Dear PayPal Member”.

PayPal is familiar with this type of scam, and has issued the following warning:

“PayPal will never send an email with the greeting “Dear PayPal User” or “Dear PayPal Member.” Real PayPal emails will address you by your first and last name or the business name associated with your PayPal account. If you believe you have received a fraudulent email, please forward the entire email—including the header information – to spoof@paypal.com”.

Be kind to your friends, relatives, and associates who are new computer users and let them know about this type of scam. In that way, it raises the level of security for all of us.

Advise them to:

Consider every email, telephone call, or text message requesting confirmation of personal and financial information as a scam.

Not open emails that come from un-trusted sources.

Not run files received via email, without making sure of their origin.

Not click links in emails. If they come from a known source, to type them on the browser’s address bar. If they come from an un-trusted source, to simply ignore them, as they could redirect to a web site designed to download malware.

Keep their computer protected by installing a security solution and keeping it up-to-date.

Report suspicious e-mails as Spam.

To see how cyber criminals target new users, and new email accounts read “Email Spammers Are Smarter Than You Think”, on this site.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Gmail Customer Care is Gonna Close You Account – Not!

The old “we’re going to close your email account” scam is making a reappearance. This scam has been around for years, and every so often it makes its way back.

This occasional reappearance tells me one thing – this scam pays off for the cyber criminals who are behind it. Since new users are continuously signing on to the Internet, they are essentially a new crop of potential victims.

What could be better for scammers than this; a natural market for fraudulent emails – new, and unaware users. Staying safe on the Internet is definitely one area where experience counts.

According to a recent email, sent to my relatively new Gmail account, my G mail account (these guys can’t spell – it’s Gmail not G mail), will be deleted within 24 hours unless I verify my user name, password, date of birth, and country information.

To an inexperienced user, this could look like an official email, and the enclosed link makes it simple to get this problem solved with just a mouse click. What could be easier than that?

Clicking on the link would have redirected me to a spoof page, comparable to the original site, and I would then have begun the process whereby the scammers would have stripped me of all the confidential information I was willing to provide.

If you have received the following email recently, I trust you recognized it for what it is, and after reporting it as Spam, you simply deleted it.

If your email account is not relatively new, it’s unlikely you received this email but reading it can still be instructive. BTW, all of the spelling mistakes are the spammers.

“This Email is from G mail customer care and we are sending it to every G mail accounts owner for safety. We are having congestion due to the anonymous registration of G mail accounts so we are shutting down some G mail accounts and your account was among those to be deleted. We are sending this email to you so that you can verify and let us know if you still want to use this account. If you are still interested please confirm your account by filling the space below.Your User name, password, date of birth and your country information would be needed to verify your account.

Due to the congestion in all G mail users and removal of all unused G mail Accounts. G mail would be shutting down all unused Accounts, you will have to confirm your E-mail by filling out your Lo gin Information below after clicking the reply button or your account will be suspended within 24 hours for security reasons.

* User name: …

* Password: ……

* Date of Birth: …….

* Country Or Territory: …..

Warning!!! Account owner that refuses to update his or her account within Seven days of receivinga this warning will lose his or her account permanently.

Thank you for using G mail !”

Be kind to your friends, relatives, and associates who are new computer users and let them know about this type of scam. In that way, it raises the level of security for all of us.

Advise them to:

Consider every email, telephone call, or text message requesting confirmation of personal and financial information as a scam.

Not open emails that come from un-trusted sources.

Not run files received via email, without making sure of their origin.

Not click links in emails. If they come from a known source, to type them on the browser’s address bar. If they come from an un-trusted source, to simply ignore them, as they could redirect to a web site designed to download malware.

Keep their computer protected by installing a security solution and keeping it up-to-date.

Report suspicious e-mails as Spam.

To see how cyber criminals target new users, and new email accounts read “Email Spammers Are Smarter Than You Think”, on this site.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.