Dwight, thank you for a clear and helpful comment. 

The MLO profile as it sits on Windows is not clear text but it’s not 
encrypted either

when you say "profile" - do you mean one single file of MLO, or are you 
talking about MLO`s application that seats on my computer in jeneral
and also - how can one get to the un-clear text ? 

If someone gets a copy of your profile and does not know what it is, 
dumping out the contents will not reveal anything

how can a person get a copy?
you said "anyone who knows my userID", but why whould anyone will have that 
unless i want him to?...
I`m not following you here

if they manage to figure out that the file belongs to MLO (not too 
challenging to do) anyone can get a free copy of MLO and use it to print 
out all of your tasks and projects

again, how is that possible?
is I have a local password as well? (-->tools-->options-->password 
protection)

There may be solutions where you can encrypt certain files such as your MLO 
profile, and then arrange for the MLO program to see a decrypted image of 
the file. I have no knowledge of such solutions so I cannot comment on 
their feasibility or their adequacy, however, I could note that if the file 
itself is protected by encryption, then any backups would presumably be 
encrypted as well.

 

* Anyone who does have a recommendation about this/*

*disadventages about using one of the encryption software or maybe other 
suggestens?*

*or should I not trust the system for that purpose?*

* My wish is to make sure that nobody but myself and poeple who know the 
password (both the ID password or the entry password) will have access*


*MLO is amazing*

*This forum is very helpful as well and I want to thank you one more time,*

*Dwight*

*all*

*tnks*







בתאריך יום שני, 6 ביולי 2015 בשעה 07:36:39 UTC+3, מאת Dwight Arthur:

> Hi, Jonathan.
>
> In general, MLO data is not encrypted. When you use MLO cloud sync, the 
> data is encrypted while in transit from your device to the cloud, and while 
> in transit from the cloud back to your device. This encryption is because 
> MLO Cloud Sync uses Secure Sockets Layer (SSL) or maybe its successor, 
> Transport Layer Security (TLS). SSL or TLS are very respectable but are not 
> unbreakable. You can learn more about them at 
> https://en.wikipedia.org/wiki/Transport_Layer_Security 
> <https://www.google.com/url?q=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FTransport_Layer_Security&sa=D&sntz=1&usg=AFQjCNHL6dSi2GGi7WWxTF-xTnHMHRf0Eg>.
>  
> Are they adequate? The answer depends on how much security you need, and 
> from whom. If you are trying to keep something secret from the US National 
> Security Agency, then it’s not adequate. If you want to keep your coworkers 
> from eavesdropping and getting a copy of your project plans, this is 
> probably more than adequate.
>
>  
>
> The cloud sync database itself is stored inside of the cloud computing 
> service known as Amazon Web Services, which is a well respected provider of 
> cloud computing. The database is not encrypted but it is protected by AWS’s 
> standard login security. There are applications that are much more 
> sensitive than MLO running on AWS. Again, the question of adequacy depends 
> on what security you need. If I had a project plan  that had a reasonable 
> chance of bankrupting Amazon Corporation, and Amazon knew about it, I would 
> not trust MLO cloud security to keep it secret, If I was worried about my 
> family members or coworkers, I would not be concerned about the cloud 
> storage.
>
>  
>
> The weakest link is your computer. The MLO profile as it sits on Windows 
> is not clear text but it’s not encrypted either. If someone gets a copy of 
> your profile and does not know what it is, dumping out the contents will 
> not reveal anything. However, I would guess that a reasonably skilled 
> hacker with a lot of time or some good tools could figure out your projects 
> from a copy of your file. Even worse, if they manage to figure out that the 
> file belongs to MLO (not too challenging to do) anyone can get a free copy 
> of MLO and use it to print out all of your tasks and projects. So the 
> question is. Who would be able to get a copy of your file if you have a 
> good password on your user ID. Answer: anyone who knows the password on 
> your userid. Also, if your pc is on a corporate network, then the system 
> administrators of your network. Or, if your PC is shared among several 
> family members, then anyone who knows the Admin password, which probably 
> means any smart teenaged children in your family. Also, as you mention, 
> backups are a concern: Anyone who can restore your MLO profile to their own 
> computer from your backup can just get a free copy of MLO and look at your 
> whole profile.
>
>  
>
> There may be solutions where you can encrypt certain files such as your 
> MLO profile, and then arrange for the MLO program to see a decrypted image 
> of the file. I have no knowledge of such solutions so I cannot comment on 
> their feasibility or their adequacy, however, I could note that if the file 
> itself is protected by encryption, then any backups would presumably be 
> encrypted as well.
>
>  
>
> You mention systems that would make encrypted backups. I believe that this 
> is feasible, however it would not do anything to mitigate the risk of 
> someone accessing your computer to obtain a copy of the profile. If you 
> believe that there is no significant risk of someone breaching your compute 
> itself, and no one but you would be taking backups, but you believe there’s 
> a risk of someone obtaining copies of backups after they are made, then an 
> encrypted backup would be a solution. This sounds to me like it would 
> probably not be effective, it would be like having strong locks on all the 
> windows but leaving the front door open.
>
>  
>
> The bottom line for me is that there are a number of things that I would 
> not put into MLO, including my date of birth and my social security number, 
> my planned gifts for my wife’s birthday, the account numbers and passwords 
> for my bank accounts and insurance accounts. I keep that stuff in a 
> password manager (https://en.wikipedia.org/wiki/Password_manager) and 
> when needed I put a link into MLO pointing to the relevant record in the 
> password manager. I believe that MLO security is adequate for non-sensitive 
> information but not adequate for sensitive information. I should note that 
> there are very few applications and systems available today that I consider 
> adequate for sensitive information, and MLO’s security is in my opinion 
> equal to or better than the majority of all productivity apps, most of 
> which I consider inadequate. I do not believe that there has been any 
> announcement or suggestion that MLO will be enhanced in the near future to 
> provide radically better security. From the other direction, there have 
> recently been a number of user requests for a web interface to allow MLO 
> users to view, change and create tasks, this would be a secured public 
> interface to the cloud database. In my view if the MLO developers build 
> such a thing it will effectively lower the level of security available for 
> your data.
>
> -Dwight
>
>  
>
>  
>
>  
>
> *From:* [email protected] <javascript:> [mailto:
> [email protected] <javascript:>] *On Behalf Of *Jonathan
> *Sent:* Friday, July 03, 2015 9:33 PM
> *To: [email protected] <javascript:>*
> *Subject: [MLO] Local security*
>
>  
>
> Hello,
>
>  
>
> please forgive me for possible mistakes in english
>
>  
>
> I was looking for similar posts but couldn`t find a spesific answer to my 
> small issue -
>
>  
>
> I understand from earlyer posts that the data is backuped and encrypted 
> between devises on MLO`s cloud service
>
>  
>
> but since I`m not a computer export I wanted to ask a more basic question:
>
>  
>
> assuming that I use the password protect feature, How secure is the 
> encryption on the computer itself, if any?
>
>  
>
> 1. MLO data file
>
> 2. Local Backups
>
> 3. advenced backups
>
>  
>
> *** I use 2 differente computers on work and prefer not to use it on a 
> flash drive
>
>  
>
> if one have access to the computer and wish to see my data, by mistake or 
> by porpuse, or a computer technician have access to computer/s etc - how 
> can they see the data if they relly want to?
>
>  
>
> I olso have my own MLO Pro in my home and it whoud even help me there, as 
> I`d like to be as relaxed as I can about this (even if it`s just paranoia, 
> which is not)
>
>  
>
> soppose It`s not good enough for my needs - do you have better 
> recomodations about better solution such as Axcrypt / Boxcrypter / 
> Truecrypt etc ?
>
>  
>
> (and I`m talking about backups too!)
>
>  
>
> if so - whould it not mess-up my wifi / cloud sync (right now I use cloud 
> service but this can change) or something?
>
>  
>
> I hope I was clear enough
>
>  
>
> THANKYOU in advence
>
>  
>
> regards
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "MyLifeOrganized" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to [email protected] <javascript:>.
> To post to this group, send email to [email protected] 
> <javascript:>.
> Visit this group at http://groups.google.com/group/mylifeorganized.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/mylifeorganized/a00952c0-308e-498d-a323-c0909ab784c7%40googlegroups.com
>  
> <https://groups.google.com/d/msgid/mylifeorganized/a00952c0-308e-498d-a323-c0909ab784c7%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"MyLifeOrganized" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/mylifeorganized.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/mylifeorganized/d7830168-58db-4a60-8aa1-e00c6edafc9e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to