Roberto Paes


This conversation is closed.

What does the recent intensification of hacker attacks represent? Is there a real threat to the prospect of cloud computing?

Hacker groups such as Anonymous and Lulzsec recently intensified their attacks, including on government websites. Somehow, these actions demonstrate weaknesses in network security. How should we interpret this wave of attacks? Do they represent an actual threat? Do we have to fear a cyber war? Is there a real risk to the prospect of cloud computing?

  • Jul 7 2011: What they represent is a wake-up call. Many of the recent attacks used vulnerabilities that have been well-known for years. These are not due to the bad guys suddenly getting much better but rather because the bad guys suddenly got motivated. For a large corporation's web site to be vulnerable to simple SQL injection, or for them to store unencrypted passwords at this point in time, is crazy. The possibilities are that the site developers didn't have a clue about basic security or that they chose to cut costs by omitting basic security. Which of these is worse if it's *your* vendor playing fast and loose with your personal data?

    The threat isn't specific to cloud computing, nor does the cloud make it worse. The requirements for cloud security differ from those of traditional architectures but the real problem is lack of knowledge and investment in securing the systems. Whether your data is in the cloud or in the corporate internal network is irrelevant if the controls available to secure it are not applied.
    • Jul 8 2011: Would it be lack of knowledge in securing the systems, or neglect? Are there effective total security possibilities? Because if it exists, it's not really a worrying threat. The developers and administrators just need to do their job right. And the requirements of customers and competition will drive them to do so.
      • Jul 8 2011: When I said "lack of knowledge" I was being generous. The knowledge that would have prevented many of the recent breaches exists and has for some time. Many of these were simple SQL injection or similar elementary attacks. Then in several cases the databases contained unencrypted passwords which, again, violates some very basic security tenets. So when I said "lack of knowledge" I specifically meant on the part of the developers and project managers responsible for the sites and systems that have been recently breached.

        My comment about lack of investment is that in some cases the developers and/or managers are well aware of the problems and make a considered and deliberate choice to not spend the money to do it right. A vendor that I use renders login forms over HTTP (instead of HTTPS) and then submits user credentials in the clear. I not only told them about it, but I also found someone whose account had been hacked due to the vulnerability and their credit card charged. The victim got his money back but the site - now 3 years later - remains vulnerable.

        Considering that I'm a customer of this web site, and sufficiently knowledgeable that I was able to provide them with a full description of the problem and suggested remediation, I question how effective customer requirements are. Although the impact of a breach is one or more orders of magnitude greater than the cost to prevent it, companies will continue to neglect "nonfunctional" requirements such as security.

        As far as competition, the companies who ignore security make more money than those who invest in security, all other factors being equal. This changes with a breach but breaches are still perceived as "cannot happen here" events. Competition is what is driving the bar DOWN, not up. Until breaches are so numerous that companies plan ON having the breach rather than betting against it then competition will continue to push security to the bottom of the priority list.
  • Jul 5 2011: Definitely.
    But just like the fear of apocalypse caused by a nuclear device or biological weapons... cyber war, no matter how scary, is something decided by humans, society, people like you and me. We just need to be positive and constructive. Start campaigning for safe computing, help define digital privacy, understand the illusion of control and keep the awareness alive.
  • Jul 6 2011: !!! The real Evil.
    Actually Cloud Computing is the real evil.
    Cloud in German means stolen (from Klaut ==> Klauen).
    So "Cloud" computing means nothing but the fact that all your documents are stored on servers and that you do not have real access to them.
    Cloud computing is nothing but a new name for what already was in place at the beginning of the computer age.
    Information stored on mainframes.
    But the real meaning of cloud computing is that it steals information from the individual and makes it accessible to the ones behind the scenes.
    The "Authorities" if you like.

    They want a see through individual.
    I support a see through Government.
    No Government has the Authority to lie to its people.

    The real risk we have is the threat that Governments pose.

    Hackers I salute you!!!
  • Jul 10 2011: The Internet is society's mirror. Anything that happens in society will happen the same way on the Internet. The converse sentence is going to be true in the forthcoming future. There are criminals in the "true world", and there are criminals inside "The Cloud", too. It's natural that it works like this. The Internet is based on a computing paradigm that fails to give major importance to security issues. This is the extreme paradox technology has faced since World War 2. The Internet was created for making military and confidential government communications networks stronger in the face of prospective terrorist attacks. However, in practical terms, the existing (civil) Internet remained as an insecure by-product of those far military experiments. Nowadays, the Internet is the most pervasive vehicle existing throughout the world. Anyone who is capable of understanding its deepest secrets has the potential of entering into the life of whoever. This is a scary fact.

    Moreover, at the present time there exist several computational technologies coexisting, as once there were several anthropoids coexisting and even fighting each other. It's not necessary to say what happened to anthropoids different from "homo sapiens sapiens". While advanced technologies are in the possession of people having no ethics, common people will be in real danger. Even this is not the necessary condition for causing damage to anyone. It's enough to use technology not considered state-of-the-art against naive people that are not using technology as they would. Any 1st-year engineering student without moral values that looks at a computer Internet exploring software without a proper security configuration can afford to virtually any computer around the world, even by executing a few lines of JavaScript code. People around the world use the Internet for making commercial and financial tasks, and have no minimal idea of what holding a well-configured and secure computer for making those activities means.
  • Jul 10 2011: I share some reservations too about cloud computing. It claimed to promote the ease of retrieving back your data/applications etc. regardless of what platforms you use (e.g. smartphone, tablet, desktop etc.) but this also means too much of your info is with the vendor. Also, you get locked in with the vendor, and you have no control over what they can do with the info if you decide to terminate the service. Or, if there is a security flaw in one of the platforms, e.g. smartphone, can it and does it compromise all your info?
  • Jul 8 2011: I think there will be a virus that will auto-hack wireless systems and spread like that. Online banking is a joke so by December there will be billions of dollars stolen from bank accounts.

    Super scam, a site with millions of users will make a massive scam within 2 years (100 millions)
    I know German banks and Dutch banks are a joke. Not to mention remote bankcard/credit card copying, while you have them in your wallet.

    Hacking of emergency phone centers and closing them down at strategic times.

    But also think of hacking address information of customers, to gain login details for banking.

    Satellite hacking, Drone hacking, fooling electronic systems and or spoofing and spying. Implant in stuxnet like system is the last step.

    Many cloud-systems will fail, and die.
  • Jul 8 2011: Boy, my country's going to implement the no torrents bill in September, all because someone's president asked him to, then conveniently turned around and said to his own people that he will never do that to them, and now we see a lot of hacks going on. It feels, for me, too pushy for all of them to suddenly get active. I'm not a conspiracist nutter but I see how by using emotion response guiders can change a nation and the net is anything but reactive. Last week I watched a first for my country: a controversial book was to be released; though nothing to die over, it was over a subject that was a bit too raw and early for the country, but it forced the sellers to retract or cut the launch completely, all through Facebook's "I like" system. Now if you ask me, I would use the cloud for only the basics; you're a fool to run it all online, sooner or later you get hit. It's like driving your car, same thing, accidents happen, that's how you learn.
  • Jul 8 2011: I don't like what I read about Cloud Computing. Too much like a Takeover. It is a great idea though. Just too much of it is not in control of the User.
    I doubt if hackers will ever be eliminated. That Unique number of each PC was supposed to go a long way against Hackers but they seem to be winning.
  • Jul 5 2011: I think this is also related to another TED conversation about the Pentagon or our defense departments continuing to lead our research and be one step ahead in controlling the bad use of science. Is our government lagging behind cyber technologies?