Christopher Barry on 7 Jan 2017 07:19:17 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] XKCD: Team Chat

On Sat, 7 Jan 2017 07:43:24 -0500
Rich Kulawiec <> wrote:

>On Fri, Jan 06, 2017 at 03:34:31PM -0500, Greg Helledy wrote:
>> Basically, it's a way to get you to turn over all your company's
>> internal communications and data to the people behind the Slack
>> site?  
>And to anyone who hacks their site.  (The larger they become, the more
>attractive target they'll become.  The more attractive the target they
>become, the more resources will be available to attack them.  Why hack
>the communications/data of one company when you can hack 492 at once?)

Can anyone say Yahoo, LinkedIn, Sony, OPM, Panama Papers, Ashly Madison,
Hillary, Podesta, blah, blah, ad infinitum?

...and it'll only get worse.

It's funny that this XKCD got posted in the Slack at work and started a
thread there as well. But there, the culture has committed to it,
stopped analyzing it, and instead the thread (on slack) was more about
the few that still wanted IRC connectivity into slack.

>And to anyone who acquires a dump of all the data from an insider.
>(If they have N staff with access to that data, then you are betting
>that N out of N of them can't be bought or blackmailed or seduced or
>tricked or anything else.  You have to win that bet N times.  You have
>to continue to win it N times as N gets larger.  An attacker only has
>to win once.)

Well, to be fair, employees of a company that manages it's own data can
do that as well, but yeah, CloudCo folks have less loyalty,

>It is of course the prerogative of all companies to decide to do
>something this incredibly careless, if they wish.  But given that this
>is an obviously horrible idea, I wouldn't want to be in the position of
>defending such a decision in court (after our users'/customers' private
>information was compromised as a result) or in a board meeting (after
>our internal information was sold to the highest bidder).

I just started a contracting gig this week at this company that uses the
cloud for essentially everything; slack, gmail, gitblit (which I'd never
heard of before, and my colleague says it's meh, and he's a bit
concerned because gitblit actually keeps /its/ code on github :). Bah!

And, don't forget about warrantless governmental intrusion without any
notification whatsoever. Where CloudCo is served an NSL, all your data
is slurped up, you have no idea it's happened, and CloudCo cannot speak
of it.

Or the persistent hacks by foreign governments or competitors that
stealthily and continuously siphon your proprietary data undetected
(you can't see the server logs!).

The cloud is mindlessly wrong. IoT is phenomenally risky and stupid -
really it's a train wreck in slow motion. WTF are we doing? We're really
heading the wrong way. Just because it /can/ be done does not mean it's
a valid or intelligent reason to do it.

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --