CompuBlab

If you are a user of an online storage facility like DropBox or one of the many others, have you considered the security ramifications of what you are doing?

Today, computing “in the cloud” is a big buzzword (that should probably be “buzzphrase”). Cloud computing, in its simplest form, is just a fancy way of saying that your computing resources are coming from someone else. Online storage and backup services have been around for a while, and I have been amazed at how people have not understood all of the impact of storing data online.

Perhaps the most important thing I want to make certain you consider is exactly WHAT information are you putting on someone else’s servers. Is it just pictures, or school projects, or other items not of great importance to anyone but you? Then you are fine. But what if you are storing files related to your banking, or tax returns, or other sensitive information? Here you might want to give pause for storing such information “in the cloud.”

You see, no matter what these companies tell you, computer security is still in its infancy. These companies may tout that they use “encryption” methods (that is, they “scramble” your data in such a way that hopefully only THEY can recover the original data at a later time) to hide your data…but what they don’t tell you is that encryption is not “fool-proof” protection. In addition, when you put your data on someone else’s servers, you have to also hope that the company who is hosting your data screens its employees very carefully. Encryption doesn’t mean diddly if the company’s employees are not properly screened and are given access to both your data and the encryption algorithms used to protect it.

I am not saying that online storage is not to be trusted…I am saying that you need to be made aware of the risks of putting your data online. If you choose to put your data online and you have an understanding of the risks and accept them, then this is a good thing.

KNOWLEDGE is your best weapon against bad outcomes with computing…and knowledge is what I hope to impart to you. Do not assume, just because your data is encrypted that it cannot be read. It makes it more difficult to be read, but there are ways of breaking encryption. If you need proof of this, just follow the tech news for a few weeks and you’ll see how many security violations are being reported in the news on a weekly basis. Encryption is good…but by itself it is not, in my opinion, sufficient to protect your data.

The best security for data is to not have the data accessible to those who might try to gain access to it. Tax return information stored on a CD in your home is much harder for a hacker in another country to gain access to than data you have uploaded to an online storage facility.

Don’t get me wrong…I am not saying “never use online storage”…I am only saying be very aware of WHAT you are storing there…and know the risks. Life is not without risks. The important thing is that we identify the risks and choose for ourselves what risks are worth taking and what risks we choose to avoid.

Knowledge is the key, my friends, and that knowledge will set you free!

Some very unsettling news about Secure ID tokens. Don’t know what a SecureID token is? Perhaps you have one but don’t know it by name.

A SecureID token is a small little device that can fit on your keychain. It is used as an extra layer of protection for when you log into a computer system. You see, the SecureID Token displays a number that changes every so many seconds. Through some computer trickery, the computer you are trying to log into (that is set up to use a SecureID Token) can calculate the SAME number that your SecureID Token is currently displaying. The theory behind this is that if someone manages to get a hold of your User ID and Password, they STILL cannot gain access to your account with the SecureID Token number…which presumably only YOU have in your possession.

Well, that entire game just changed,

You see, RSA, the company that makes the SecureID Token, reported recently that there was an intrusion/break in/hack into THEIR computer systems, and the hackers were able to steal enough information to be able to figure out what the SecureID Token number should be for a person’s SecureID Token…effectively rendering your SecureID Token useless (click here for the original story).

Now, the thing you need to understand about system security, and the thing you are going to read from me over and over again, is that there is no such thing as a completely secure computer system. The best you can hope for is to keep the amateurs away from your data, and to give the professionals a reason to go look elsewhere for the jollies (because your data is going to be so hard to crack). Of course, some hackers relish a challenge, so you have to be careful even there.

But the overall point here is that you may be able to protect your data for a while…but eventually, given enough time, hackers WILL be able to compromise your data if they have any way of actually reaching it. Of course, if your data is not accessible from the Internet, then the only way for them to steal your data is to physically enter your premises to do so.

So as far as computer security goes, I think of it the way my parents taught me to think about car thieves. We lock our doors to keep the pranksters away and to try to encourage amateurs to find another car to steal…one that is easier to break into. However, if a professional REALLY wants your car, there is virtually NOTHING you can do to stop them.

So if you have an RSA SecureID Token, be sure to get it replaced right away! The article that I liked to previously already tells of people havingt had their accounts broken into based upon what the bad guys learned from their hacking into the RSA network.

You have been warned!