Most of the popular cloud systems are insecure. The recent hack of celebrity accounts, and the subsequent release of nude pictures, demonstrates this once again. The problem is that most cloud systems rely on passwords to restrict access to an account. The reason is usability: a password allows the account to be accessed from any device. To make this really usable, an easy-to-remember password needs to be selected. Unfortunately, such passwords can be guessed by brute force. Of course this can be prevented, for example by restricting the number of times one is allowed to enter a wrong password. But then account recovery strategies, which allow legitimate users to regain access to their account if they forget their password, provide a second avenue of attack.

In other words: user-friendliness kills security. Can this be fixed somehow?


I am looking for a secure cloud service. One of the options I considered was SpiderOak. However, after reading the following explanation about how the mobile version works, I started to get worried.

[..W]hen accessing your data via the SpiderOak website or on a mobile device you must enter your password. The password will then exist in the SpiderOak server memory for the duration of your browsing session. For this amount of time your password is stored in encrypted memory and never written to an unencrypted disk. The moment your browsing session ends your password is destroyed and no further trace is left.

The instance above represents the only situation where your data could potentially be readable to someone with access to the SpiderOak servers. That said, no one except a select number of SpiderOak employees will ever have access to the SpiderOak servers. To fully retain our ‘zero-knowledge’ privacy, we recommend you always access your data via the SpiderOak desktop application which downloads your data before decrypting it locally.
