Previous 1 2 Next 24 Replies Latest reply: Dec 29, 2011 3:18 PM by Yule
Wasteaccountant Level 1 (5 points)

I have two concerns over the iCloud

 

The first is hackers - we have seen Sony in recent week have a nightmare with hackers, how are apple going to protect our data and access? should apple consider two levels of security - a "authorised device" and a more advanced level for unauthorised devices and setup?

 

The second concern is redunancy, what happens if apples new data centre is destroyed, what ever the method? will systems remain up and will data be safe?

  • Kanapgc Level 1 (0 points)

    Hi guys,

     

    two things to say:

     

    1) iCloud is the best ever idea about files syncronizing and Apple always know how to do it...and as SJ says "it just works"...

     

    2) and if one day, someone, would  be so kind with the governance or other "peolpe" and would share all world Apple's costumers data stored in the huge data-centre ? What could it means ? Addresses, meetings, mails, photos, preferences, secrets, everything...I mean everything could (if not yet) be possessed by someone who will know all about us...

     

    We should think a bit about it...

  • twtwtw Level 5 (4,925 points)

    Kanapgc wrote:

     

    2) and if one day, someone, would  be so kind with the governance or other "peolpe" and would share all world Apple's costumers data stored in the huge data-centre ? What could it means ? Addresses, meetings, mails, photos, preferences, secrets, everything...I mean everything could (if not yet) be possessed by someone who will know all about us...

     

    We should think a bit about it…

     

    That horse ran off a loooong time ago, my friend; no sense worrying about the barn door now.  Or are you not aware how much of your 'personal and private' information is accessible to governments, insurance companies, banks, your ISP, companies like Google and Yahoo, etc...?  There are at this moment countless people who could  (more or less legitimately, and with not too much effort) know more about you than your mother does.  I'm just sayin'...

  • etresoft Level 7 (27,813 points)

    Wasteaccountant wrote:

     

    we have seen Sony in recent week have a nightmare with hackers

    I wouldn't worry about it. Apple knows how to do security. Sony was hacked with one of the oldest, most basic hacks known - SQL injection.

  • bullett007 Level 1 (0 points)

    etresoft wrote:

     

    Apple knows how to do security.

     

    Care to divulge how you "know".

     

    Just asking really, I'm really loving the iCloud and will probably use it, in fact I have already to get apps to my iPhone 4 from the iCloud BUT....  no system is impenetrable right?

     

    It is a little concerning.

  • etresoft Level 7 (27,813 points)

    Count how many times Apple has been hacked: 0

    Count how many Mac viruses there are: 0

    Count how many iOS viruses there are: 0

  • RichardOfHERTS Level 1 (0 points)

    Encryption is all good. But these days a password and SSL dosn't cut it. Hardware authentication with one time passwords (OTPs) is the way things are going. Like with chip and pin on your debit/credit cards. Without hardware authentication and OTPs, anyone who has your logon credentials can get access to all your data.

     

    Naturally all the data on the servers should also always be encrypted and for access always require hardware authentication with OTPs (also known as one time session keys) - this should be the case even within Apple Inc. In my view LastPass.com seems to be leading the way to showing everyone how it should be done.

     

    Currently Yubico provide hardware OTP solutions that can be used for email and password protection. But the future is near field connection (NFC).

     

    Without hardware authentication and OTPs, anyone who thinks their data is safe is simply living with their head in a cloud.

  • RichardOfHERTS Level 1 (0 points)

    With regards to the post made by 'etresoft', obviously he/she didn't hear about the recent AppStore/iTunes security breach. If you want to know more checkout:

     

    http://www.macuser.co.uk/4013-itunes-accounts-for-sale

  • etresoft Level 7 (27,813 points)

    There was no security breach. People use the same password on multiple accounts. Then, after their gmail or yahoo accounts get hacked, the hackers can use that password in iTunes as well.

  • RichardOfHERTS Level 1 (0 points)

    Like I say without hardware authentication, all a hacker needs are user name and password.

  • Logic Pro Level 3 (645 points)

    icloud is safer then anything wikileaks, hackers from all over the globe ever hacked whether goverment or not right ?

     

    Wonder if China and other countries who constantly complain about US spies worry their citizens, their businesses and lives are been stalked when desired by those with invested interests in resources both economicall or political

  • RichardOfHERTS Level 1 (0 points)

    Lets just say that I would feel a lot better about iCloud, if it were known that hardware authentication with one time session keys were being used (as would be possible if the devices had an NFC chip in them, which currently they don't) and if it were possible to see the access history in some way.

     

    Most people seem to think that when it comes to security, Apple knows their stuff. I say "think" (or is the word assume) rather than "know". Giving out statistics is all well and good, but stats don't give any reasons, their just that, statistics.

  • SimonSwiss Level 1 (0 points)

    There's an option in iTunes to have backups encrypted. It is also available for iCloud backups as far as I can see.

     

    Does anyone know if data is really encrypted in this situation before it is transmitted to apple? Or is it just protected by a password but stored unencrypted in the cloud? In the former case I might start using iCloud backups as well, as this IS convenient. In the latter I'd decide to keep it switched off.

     

    BTW: Security is not a matter of fanboyism, but of hard facts. And you can never trust an IT system as long as it does not use hard encryption. Above all not if it is as exposed as iCloud will be.

  • RichardOfHERTS Level 1 (0 points)

    I wish that Apple would be more specific about how they are implementing iCloud security. LastPass are very clear about what mechanisms they use to implement security. In my view you simply could not make things any safer than LastPass. Although one lives in hope that Apple could make their iCloud as safe as LastPass (for more details see the LastPass videos).

     

    Having worked in the data security industry. The one thing one learns on day one, is that one should not rely on obscurity to implement security and that knowledge of the system's architecture should not in any way be equivalent to a compromising of security. The main reason being that historically security breaches are carried out by insiders. That is to say those who have knowledge of the system's architecture.

  • eric-s. Level 1 (0 points)

    I was wondering about encryption for iCloud backups as well.

     

    In iTunes there's an option for that - hovever the way the check-box is positioned in the user interface implies, that encryption is only for iTunes backups.

     

    I would really like to know wheter iCloud backups are stored encrypted and with what password (the one I choose, or one from apple)

     

    I couldn't find any specific information about that. someone?

     

    Thanx,

    e.

Previous 1 2 Next