The Dark Cloud of Cloud Computing

How Cloud Computing changed the face of brute-force attacks.

Cloud Computing is the phrase that we loved last year. I don’t think there is any IT conference where the Cloud Computing topic is completely missing from the agenda. It’s a new paradigm that attempts to solve many of the existing IT problems. The cloud has many advantages, and I just want to mention a few: scalability, flexibility, accessibility, redundancy, extraordinary capacity, and predictable costs that go to OPEX, not CAPEX. The Cloud promises. The trouble is that it solves not only our problems but also the problems of individuals with less clean intentions who wander around the global data networks. This extraordinary capacity, which can be used at an affordable price, almost unexpectedly opens the doors for hackers. Let’s get into a few details.

We all use encryption mechanisms and we want to know that our personal data, emails or wireless networks are protected at least to a minimum level of security. Unfortunately, history shows that any encryption method has been defeated sooner or later. It’s just a matter of time. In fact, this is the idea: a reasonable level of encryption is one that requires a long enough time to be decrypted (long meaning at least years or decades). But that length depends on the computing resources available to the attacker.

But what is the promise of Cloud Computing? Computing resources. Anytime, anywhere and at a more or less acceptable price. I read a few days ago that a German security researcher, Thomas Roth, managed to create a little program that runs on the Amazon EC2 cloud (Amazon Elastic Compute Cloud) and attempts to discover passwords used by wireless networks (WPA-PSK). What’s new with this? Well, nothing, except that it can make 400,000 attempts per second. A staggering amount. The theoretically infinite resources of cloud computing are changing the face of brute-force attacks.

What can be done? If you were cautious when choosing passwords, now you can start being paranoid. Do not use simple and predictable words. Use at least three of these character types: uppercase letters, lowercase letters, numbers and special characters. Do not use passwords shorter than 8 characters. And last but not least, change passwords from time to time. I would recommend every 3-4 months, but I know nobody will do it, so at least change them once a year. Oh, and another thing: do not use the same password everywhere! Instead, install a password manager that will help you not to lose them. Good luck!
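To set the 400,000 attempts per second figure next to the password advice above, here is an added example (not part of the original article) that checks a password against the article's rules and estimates the worst-case exhaustive-search time at that rate. The function names and sample passwords are constructed for illustration, and the `machines` parameter is an assumption that rented cloud instances scale the rate linearly.

```python
import string

# Rate quoted in the article for the EC2-based WPA-PSK password search.
GUESSES_PER_SECOND = 400_000
SECONDS_PER_YEAR = 365 * 24 * 3600

# The four character types the article lists, with their ASCII alphabets.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation,
}


def classes_used(password):
    """Return the names of the character types present in the password."""
    return sorted(name for name, chars in CLASSES.items()
                  if any(c in chars for c in password))


def meets_article_policy(password):
    """At least 8 characters and at least three of the four types."""
    return len(password) >= 8 and len(classes_used(password)) >= 3


def keyspace(password):
    """Number of candidates of the same length over the same alphabet."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    return alphabet ** len(password)


def years_to_exhaust(password, rate=GUESSES_PER_SECOND, machines=1):
    """Worst-case years for an exhaustive search at `rate` per machine.

    Upper bound only: a predictable word falls far sooner than this.
    """
    return keyspace(password) / (rate * machines) / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the article.
    for pw in ["sunshine", "Sunsh1ne", "Sunsh1ne!", "c0rrect-Horse-9"]:
        print(f"{pw!r:20} policy={meets_article_policy(pw)!s:5} "
              f"1 machine: {years_to_exhaust(pw):.3g} y, "
              f"100 machines: {years_to_exhaust(pw, machines=100):.3g} y")
```

Each extra character multiplies the search time by the alphabet size, while each extra machine only divides it by a constant, which is why length matters more than the attacker's budget.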

Protecting Online Identity

Information is power. It has always been, but in the digital information age this statement is truer than ever. What your name is, when and where you were born, who your family is, where you live, what schools you attended, where you have worked, where you spend your holidays, where you shop and what you like to buy, what color you prefer, what you call your dog (or your cat), who your friends are, etc. All this information put together creates our overall image, which shows our identity and our lives.

Our close friends and family know the answers to most of the questions above. We like to think we can trust them. And it is healthy to have people near you whom you can trust and who know you. But how would you feel if someone you have never heard of, whose character you know nothing about, knew the answers to all these questions? Personally, I would feel uncomfortable. And I think we should start to feel uncomfortable, because there are already organizations that hold this information.

Because I consider it, for now, the most powerful organization that operates online, I will talk about Google. The verb “search” in the context of the Internet is synonymous with Google. I have heard quite a few people who do not say “Search the Web!” but directly “Google it!”. There are fewer syllables … or maybe it is because it is cool. The reality is that Google is a genius at indexing the information available online. The amount of information is almost unimaginable, and Google has created an excellent search tool.

Here we meet the first problem. I do not think there is any particular place on the Internet where enough information about me is concentrated to cause me big problems. But scattered across various areas of the Internet, there is enough. I’m a bit scared, frankly, to think about how much someone could know about me if he or she put together all the information available on the web. And Google can do this quite easily. For now, they use what they know for marketing purposes and they make a lot of money from it. The question is, what else will they do with it in the future?

But in addition to collecting information from various web pages, Google has another, more subtle set of means for collecting information. Gmail, a marvelous email service. Personally, I was very excited when I started using it because they offered IMAP. I loved and still love to see my emails from any computer using email clients. And I do not like to delete any emails! This is the second problem. In the US, the Electronic Communications Privacy Act protects the confidentiality of our emails for only 180 days. The level of privacy guaranteed after this period is unclear. However, I do not know if you have noticed how correlated with your interests the ads appearing in Gmail’s and Yahoo’s online interfaces are (I refer only to these two companies as I have personal experience with both of them).

Android. Exceptional as a technical achievement. Guess who makes it? Of course you know: Google. The problem? Any call, online search or map lookup can get to the manufacturer. If your smartphone has a built-in GPS, it is even more fun. We always know where you are. And do not tell me that you turn off the GPS. If you do make the effort to do it, guess what: Google has the right to uninstall and install applications remotely on your smartphone. Legally, under the terms of use. There is no point in getting into a discussion about 3rd-party applications. It’s even messier.

The software collection does not end here. We have Google Chrome, Google Desktop, Picasa, Google Maps, Google Streetview and so on. All of them are able to collect information. I do not want to plead against Google; this is not my intention. I will not go into any technical details, as there are many online resources on these topics. Use Google and you’ll find them easily :-). The problem is that we use all these tools without being aware of what lies behind them. The benefits come with their price.

I wish I could now offer you a simple solution. Unfortunately, there is no simple solution. There are no great technical solutions that protect us. The responsibility rests with us. We must educate ourselves to use the tools provided by online companies responsibly. In this article I am only setting the ball up at the net; a series on how to survive the digital age will follow later this year. Until then, browse responsibly!