Comments on: Revisiting Security and the Cloud

By: ?????? ???? 2.0 SaaS » ? SaaS ????? || ?????? ???? 2.0 SaaS || Users have to wise up to cloud security || ????????? ?????????? ???????? ? ????????????? ?????? ? ??????? ?????????? SaaS. ERP-??????? ? ????????? ?????????? ? ???? ?????????? ????????. ??????

Wed, 22 Jul 2009 09:47:17 +0000

[…] a Twitter employee’s Google Apps account. Cue a chorus of commentary alleging how this shows that if you want to keep stuff private, don’t put it on the web, period, because cloud security is not ready for prime time and nothing is secure on the […]

By: Mike

Mike — Mon, 20 Jul 2009 03:00:35 +0000

Just as a follow-up - I bought Pukka because it periodically makes backups of your online bookmarks.

It makes for much easier posting, too, but I really like the backups.

By: Tech Week in Review 7/17/09 | Black Web 2.0

Tech Week in Review 7/17/09 | Black Web 2.0 — Fri, 17 Jul 2009 13:01:07 +0000

[…] services we use, but the basic security we apply in our use. Webomatica has good write-up of some security precautions you can take, but I’m not sure about being distrustful of the “cloud” as I rather like my […]

By: Mike

Mike — Thu, 16 Jul 2009 01:36:28 +0000

Oh yeah, Dropbox fills a bunch of gaps that you miss when you don't have .Mac (I dropped .Mac when I discovered shared hosting).

As for encryption of files - you could just make a disk image with Disk Utility - a sparseimage would do the trick, as it expands to accommodate more files. Choose AES encryption, and set a password. You could even save that to your Dropbox and have it synchronize between computers, though it would probably use a ton of bandwidth to keep uploading it every time you change your files.

TrueCrypt is better, if you need compatibility with Windows machines (or Boot Camp/Parallels/VMWare). TrueCrypt is probably more secure than the encryption used for Apple's disk images, but I'm a big fan of using built-in stuff whenever possible.

Oh, and forgot to mention financial stuff - I'm also hesitant to enable auto-pay stuff. I have my credit card send me a paper bill in the mail, but I pay it online. They'd love to withdraw money directly from my bank account whenever they feel a bill is due, but I think there's too much potential for an error to go unnoticed. This way, I can read over the bills and make the decision to pay.

Filevault would be worthwhile on the laptop - there's no way to get into a Filevault account without the password, so you can sync documents and whatnot to the laptop without worry.

By: webomatica

webomatica — Thu, 16 Jul 2009 01:10:15 +0000

I should check out dropbox, especially in comparison with .mac (iDisk)
that I currently use for some files. But your mention of encryption
reminds me, I don't have Any of that going on with local files.
There's filevault but I winder if there's a good desktop app for that...

By: Mike

Mike — Wed, 15 Jul 2009 23:58:36 +0000

Here's what I do: I use 1Password to store all of my passwords. My master password is a tough one, but one that I can remember (1337 speak helps when making passwords).

I use Dropbox to sync the passwords between machines, but as the password files themselves are encrypted, they're useless to anyone without the master password.

Each individual site's password is randomly generated, with letters and numbers (and sometimes punctuation). My email accounts are secured, too - as most passwords can be reset via email.

If I suspect an account has been compromised, I change the password immediately.

Email is stored on the server via IMAP - and as mentioned before, I use Dropbox. I don't mind using the cloud, as long as sensitive stuff is encrypted and reasonable measures are taken to protect the account itself.

I wish more sites would adopt IMAP's kind of caching - in the event that my IMAP server dies, I can use my local cache to rebuild somewhere else. I can't do that with most "cloud" services available today - if Delicious disappeared tomorrow, I'd lose a lot of bookmarks.

By: Users have to wise up to cloud security | Software as Services | ZDNet.com

Wed, 15 Jul 2009 23:05:32 +0000

[…] employee’s Google Apps account. Cue a chorus of commentary alleging how this shows that if you want to keep stuff private, don’t put it on the web, period, because cloud security is not ready for prime time and nothing is secure on the […]