Murena is storing on CLOUDS? The other OS, too?
comment of our IT commentator and satirist:
I’ve been getting headaches lately from how obviously stupid people are. If these were at least errors on a level where one could argue something. But no!
My current end-boss in terms of obviously stupid IT homeopathy is cloud encryption.
OK, quick thought experiment. You go on vacation and ask your neighbor to water your plants. In return, you give him the key.
Hopefully you realize right away, and without me having to explain it in any way, that the neighbor can come into your apartment and do things from then on. Getting the key back does not help, because he may have made a duplicate key.
Once you give away the key, only lock swapping helps.
But what do the cloud people do now? They have the problem that your software runs on their hardware, and software cannot protect itself against attackers with physical access to the hardware. In principle, no. Not “we don’t know how.” Yes, we do. We can’t.
Software is a list of things. You give it to the hardware, and the hardware executes it. If someone else controls the hardware, they control your software.
There’s no way around that. That’s why DRM keeps getting cracked, and that’s why Intel and ARM are waging a war against their customers, gradually taking more and more of the control of the hardware away from them.
So what are the cloud folks doing? They’re diluting water! Hey, we put a button here. “Enable encryption.” That’s kind of like the “Activate Shields” button on the set of Star Trek. It doesn’t do anything and everybody knows it. There’s no shield. We’re all just pretending.
Whereas with Star Trek at least we’re entertained, with the cloud it’s just a rip-off. If the cloud encrypts, then the cloud has the key. You can use it to encrypt and decrypt. As long as the cloud provider has ever seen the key, even briefly, that is no protection against the cloud provider, and that is exactly what is being sold.
OK Fefe, this may not help against the evil admin at the cloud provider, but it does help against the Chinese hacker who hacks the cloud? No, it doesn’t, because the cloud decrypts it for you. If he can log in as you, or give you an SQL injection or whatever, then he has full access, just like without encryption.
OK, but does that at least help against the cleaning help from the Iranian secret service, who steals the tape with the backup? Yes, if the key is not on the tape, which is shockingly often the case. But we are not talking about tapes but about S3 buckets right now. They’re attached to the web. Why would anyone want old backups when they can get real-time access?
and so on …
Translated with DeepL Translate: The world's most accurate translator (free version)
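The commentary's three cases (provider admin, attacker with your login, stolen backup) as a runnable model. This is an added example, not part of the original post or commentary: `CloudStore` is a hypothetical provider, the cipher is a stand-in keystream rather than a real one, and the data is constructed. It goes one step beyond the text by also showing the case where the user encrypts before upload, the provider never sees the key, and the attacker has stolen only the cloud login.

```python
import hashlib
import os

SECRET = b"constructed sample: tax records 2023"  # constructed plaintext

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 counter keystream); illustration only."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

class CloudStore:
    """Hypothetical provider with a server-side 'Enable encryption' button."""
    def __init__(self):
        self.provider_key = os.urandom(32)  # the provider holds the key
        self.disk = {}                      # at rest: name -> (nonce, ciphertext)

    def put(self, name, data):
        nonce = os.urandom(16)
        self.disk[name] = (nonce, xor_stream(self.provider_key, nonce, data))

    def get(self, name):
        """Authenticated read: the service decrypts for any valid session."""
        nonce, ct = self.disk[name]
        return xor_stream(self.provider_key, nonce, ct)

    def admin_read(self, name):  # admin controls hardware and key
        return self.get(name)

    def stolen_media(self, name):
        """Backup copy taken without the key: raw ciphertext only."""
        return self.disk[name][1]

def exposure(client_side: bool) -> dict:
    """Which of the text's three actors recover SECRET."""
    store, user_key, nonce = CloudStore(), os.urandom(32), os.urandom(16)
    # client_side=True: the provider never sees user_key or the plaintext
    upload = xor_stream(user_key, nonce, SECRET) if client_side else SECRET
    store.put("doc", upload)
    return {
        "provider_admin": store.admin_read("doc") == SECRET,
        "stolen_login": store.get("doc") == SECRET,
        "stolen_media": store.stolen_media("doc") == SECRET,
    }

if __name__ == "__main__":
    print({"server-side": exposure(False), "client-side": exposure(True)})
```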