Tuesday, June 7, 2011

Renewed cloud concerns as new cloud services launched

If you're in the UK and reading this before 23:19 BST on Monday 13 June 2011 then you stand a chance of watching last night's episode of BBC Newsnight if you missed it (the segment is 28 entertaining minutes in from the start of the programme). Alternatively, here's a summary of the package from the programme.

The basic premise is that our life online is not safe from hackers and short-sighted companies storing our passwords and other information in their databases in plain text instead of keeping the details encrypted so they're more safe from prying eyes. Using tools like Firesheep others can grab details of our online identity and login as if they were us to Facebook, Hotmail, Twitter and more... I've been concerned about this for some time.

The media is picking up the theme after Nintendo becomes the latest high-profile company to have data on its customer base exposed by hackers. Sony, Google, Facebook, and others are amongst the big-name companies to have hit headlines in recent months after the loss of customer data.

The Newsnight segment concentrates on the introduction last October of Firesheep, a software tool that sniffs wireless traffic over, say, a coffee shop or airport WiFi network to reveal usernames and passwords for Facebook, Twitter, and other services used by unsuspecting users.

There's a call to make 'SSL' encryption mandatory, or at least the default behaviour, for these services. Simply encrypting the wireless portion of the traffic will not be sufficient: for true peace of mind it's necessary to introduce end-to-end encryption and few services today are designed that way.

For example, while it's possible to use https (SSL encryption) for the web versions of Facebook and Gmail and Twitter, the smartphone app versions of their tools don't encrypt the traffic. This exposes iPhone and Android users to a Firesheep or similar attack.

Meanwhile, ironically, Apple's big announcement yesterday of 'iCloud' yesterday envisions a future where increasing amounts of our data and assets, such as songs we've purchased, are stored in Apple's cloud computing service, accessible from multiple devices.

The advice from cloud hosting provider Rackspace, quoted in Newsnight, is to think twice about what information we store in the cloud. Apple's announcement yesterday looks as though it won't give us the option, but will store stuff from our iDevices in the iCloud automatically.

Do we trust Apple not to suffer the same sort of cloud failures experienced in recent months by Amazon and Sony and Blogger and Nintendo? Apple users are smug that they have less trouble with viruses than PC users. Expect that to change as the iCloud begins to store commercially valuable user information. And expect users to search for secure service providers.
Get more like this