Christopher Barry on 7 Jan 2017 07:19:17 -0800
Re: [PLUG] XKCD: Team Chat
On Sat, 7 Jan 2017 07:43:24 -0500
Rich Kulawiec <rsk@gsp.org> wrote:

>On Fri, Jan 06, 2017 at 03:34:31PM -0500, Greg Helledy wrote:
>> Basically, it's a way to get you to turn over all your company's
>> internal communications and data to the people behind the Slack
>> site?
>
>And to anyone who hacks their site. (The larger they become, the more
>attractive target they'll become. The more attractive the target they
>become, the more resources will be available to attack them. Why hack
>the communications/data of one company when you can hack 492 at once?)

Can anyone say Yahoo, LinkedIn, Sony, OPM, Panama Papers, Ashley Madison, Hillary, Podesta, blah, blah, ad infinitum?

http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

...and it'll only get worse.

It's funny that this XKCD got posted in the Slack at work and started a thread there as well. But there, the culture has committed to it, stopped analyzing it, and instead the thread (on slack) was more about the few that still wanted IRC connectivity into slack.

>
>And to anyone who acquires a dump of all the data from an insider.
>(If they have N staff with access to that data, then you are betting
>that N out of N of them can't be bought or blackmailed or seduced or
>tricked or anything else. You have to win that bet N times. You have
>to continue to win it N times as N gets larger. An attacker only has
>to win once.)

Well, to be fair, employees of a company that manages its own data can do that as well, but yeah, CloudCo folks have less loyalty, presumably...

>
>It is of course the prerogative of all companies to decide to do
>something this incredibly careless, if they wish. But given that this
>is an obviously horrible idea, I wouldn't want to be in the position of
>defending such a decision in court (after our users'/customers' private
>information was compromised as a result) or in a board meeting (after
>our internal information was sold to the highest bidder).
>
>---rsk
>

I just started a contracting gig this week at this company that uses the cloud for essentially everything; slack, gmail, gitblit (which I'd never heard of before, and my colleague says it's meh, and he's a bit concerned because gitblit actually keeps /its/ code on github :). Bah!

And, don't forget about warrantless governmental intrusion without any notification whatsoever. Where CloudCo is served an NSL, all your data is slurped up, you have no idea it's happened, and CloudCo cannot speak of it. Or the persistent hacks by foreign governments or competitors that stealthily and continuously siphon your proprietary data undetected (you can't see the server logs!).

The cloud is mindlessly wrong. IoT is phenomenally risky and stupid - really it's a train wreck in slow motion. WTF are we doing? We're really heading the wrong way. Just because it /can/ be done does not mean it's a valid or intelligent reason to do it.

--
Regards,
Christopher
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug