We Really Don’t Know Clouds At All
I’m sure I had another post topic in mind before I checked my Google News Alerts. Stupid thing to do if you have any interest at all in maintaining focus. I did not maintain.
One of my searches is for news for “cybersecurity.” While I’m not a coder or hacker, I’m an end-user. I’m a participant (mostly enthusiastic but with serious concerns) in the techno-commercial use of digital technology to run a civilization.
I’m deeply invested in web technology both at home and on the road. The “cloud” has made it so much easier to save and share and retrieve information–and gobs of it–on OneDrive, Box, Google Drive, and Dropbox. I use all of those. So this is NOT good news:
The lastest exploit–call “Man in The Cloud” puts at jeopardy the security of all these cloud storage tools. Once discovered, even changing passwords does not rescue your account (far worse if YOU are a big corporation) from being controlled by the invader or your files held at ransom. This is truer of Dropbox than of Google Drive apparently.
I’m thinking this is a Windows issue and NOT a Mac issue. I could be wrong about that if anybody knows for sure. Now that the story is in the wild, I wonder if we won’t see quick and major use of this before steps can be implemented to minimize if not prevent such attacks.
And if you want a smaller scale threat that’s more up front and personal–your iPhone can also belong to others if you are not VERY careful to ONLY download apps from the Apple App Store.
A “Masque” attack might look like an app from Facebook, Twitter, Whassap, or another legit app provider. It might work like the original. But it is enhanced and wants your data for lunch.
Header image confession: it is a mashup of two of my images.
â–º “Man-in-the-Cloud” Attacks Leverage Storage Services to Steal Data | SecurityWeek.Com
â–º Fresh Masque iOS security flaw puts iPhone users at risk – Business Insider