August 7th, 2012
A lot of reactions to this story seem to be along the lines of “See? Cloud computing is bad!” which is kind of a simplistic conclusion to draw from this unfortunate incident.
I would suggest these as better takeaways than “Cloud computing bad!”:
- Your data can live in the cloud but doesn’t have to live only in the cloud. I back up to an external hard drive and to “the cloud” (multiple clouds, actually). Also, some cloud services are built that way anyway. For example, Dropbox doesn’t store your stuff only on their servers. It takes an existing folder that lives on your hard drive and then makes copies of it on their servers.
- Social engineering is the least talked-about but most often exploited security vulnerability. People make too much of “strong passwords” and so-called “antivirus” software. I definitely recommend people use strong passwords, and antivirus software can have its place (though its usefulness is often overstated). Just realize that it doesn’t matter how strong the gate is if the gatekeeper will open it to anyone. These aren’t the droids you’re looking for… oh, wait—they are!
- Mat Honan has some actually good points to make. Amazon should not allow people to randomly add credit cards to your account (apparently, Amazon’s fixed the problem in question). Apple should not allow the last four digits of your credit card to be used as verification. Having one place that remotely wipes all three of your computing devices makes no sense.
- If someone is determined to get you, she’ll go to great lengths to get you. You can improve security and make things better, but you cannot make yourself invincible. When you read Honan’s account of what the “hacker” did to get into his Twitter account, it’s quite involved… not just some one-minute exploit.
I use Google Music, Dropbox, Google Drive, SkyDrive, Amazon Cloud Player, Crashplan, and Firefox sync. I also keep local copies of everything and locally back them up to an external hard drive. Keep your bases covered and your fingers crossed. I’ve done everything sensible I can to protect myself. I don’t imagine, though, that a determined malicious party with some tech knowledge and social finesse couldn’t eventually compromise my security.