There may be solutions where you can encrypt certain files such as your MLO 
profile, and then arrange for the MLO program to see a decrypted image of 
the file. I have no knowledge of such solutions so I cannot comment on 
their feasibility or their adequacy, however, I could note that if the file 
itself is protected by encryption, then any backups would presumably be 
encrypted as well.

 

You mention systems that would make encrypted backups. I believe that this 
is feasible, however it would not do anything to mitigate the risk of 
someone accessing your computer to obtain a copy of the profile. If you 
believe that there is no significant risk of someone breaching your compute 
itself, and no one but you would be taking backups, but you believe there’s 
a risk of someone obtaining copies of backups after they are made, then an 
encrypted backup would be a solution. This sounds to me like it would 
probably not be effective, it would be like having strong locks on all the 
windows but leaving the front door open.
Dwight
I`m sorry,
but I was sure it`s the same
you tell that I cannot encrypt my files in the "regular way" such as 
Axcrypt Boxcrypt True creapt etc
but just the backups?........

MLO is propebly the only program in my computer/s which I am troubled about

suggestens?

BTW sorry for my horrible english

בתאריך יום שני, 6 ביולי 2015 בשעה 07:36:39 UTC+3, מאת Dwight Arthur:
>
> Hi, Jonathan.
>
> In general, MLO data is not encrypted. When you use MLO cloud sync, the 
> data is encrypted while in transit from your device to the cloud, and while 
> in transit from the cloud back to your device. This encryption is because 
> MLO Cloud Sync uses Secure Sockets Layer (SSL) or maybe its successor, 
> Transport Layer Security (TLS). SSL or TLS are very respectable but are not 
> unbreakable. You can learn more about them at 
> https://en.wikipedia.org/wiki/Transport_Layer_Security. Are they 
> adequate? The answer depends on how much security you need, and from whom. 
> If you are trying to keep something secret from the US National Security 
> Agency, then it’s not adequate. If you want to keep your coworkers from 
> eavesdropping and getting a copy of your project plans, this is probably 
> more than adequate.
>
>  
>
> The cloud sync database itself is stored inside of the cloud computing 
> service known as Amazon Web Services, which is a well respected provider of 
> cloud computing. The database is not encrypted but it is protected by AWS’s 
> standard login security. There are applications that are much more 
> sensitive than MLO running on AWS. Again, the question of adequacy depends 
> on what security you need. If I had a project plan  that had a reasonable 
> chance of bankrupting Amazon Corporation, and Amazon knew about it, I would 
> not trust MLO cloud security to keep it secret, If I was worried about my 
> family members or coworkers, I would not be concerned about the cloud 
> storage.
>
>  
>
> The weakest link is your computer. The MLO profile as it sits on Windows 
> is not clear text but it’s not encrypted either. If someone gets a copy of 
> your profile and does not know what it is, dumping out the contents will 
> not reveal anything. However, I would guess that a reasonably skilled 
> hacker with a lot of time or some good tools could figure out your projects 
> from a copy of your file. Even worse, if they manage to figure out that the 
> file belongs to MLO (not too challenging to do) anyone can get a free copy 
> of MLO and use it to print out all of your tasks and projects. So the 
> question is. Who would be able to get a copy of your file if you have a 
> good password on your user ID. Answer: anyone who knows the password on 
> your userid. Also, if your pc is on a corporate network, then the system 
> administrators of your network. Or, if your PC is shared among several 
> family members, then anyone who knows the Admin password, which probably 
> means any smart teenaged children in your family. Also, as you mention, 
> backups are a concern: Anyone who can restore your MLO profile to their own 
> computer from your backup can just get a free copy of MLO and look at your 
> whole profile.
>
>  
>
> There may be solutions where you can encrypt certain files such as your 
> MLO profile, and then arrange for the MLO program to see a decrypted image 
> of the file. I have no knowledge of such solutions so I cannot comment on 
> their feasibility or their adequacy, however, I could note that if the file 
> itself is protected by encryption, then any backups would presumably be 
> encrypted as well.
>
>  
>
> You mention systems that would make encrypted backups. I believe that this 
> is feasible, however it would not do anything to mitigate the risk of 
> someone accessing your computer to obtain a copy of the profile. If you 
> believe that there is no significant risk of someone breaching your compute 
> itself, and no one but you would be taking backups, but you believe there’s 
> a risk of someone obtaining copies of backups after they are made, then an 
> encrypted backup would be a solution. This sounds to me like it would 
> probably not be effective, it would be like having strong locks on all the 
> windows but leaving the front door open.
>
>  
>
> The bottom line for me is that there are a number of things that I would 
> not put into MLO, including my date of birth and my social security number, 
> my planned gifts for my wife’s birthday, the account numbers and passwords 
> for my bank accounts and insurance accounts. I keep that stuff in a 
> password manager (https://en.wikipedia.org/wiki/Password_manager) and 
> when needed I put a link into MLO pointing to the relevant record in the 
> password manager. I believe that MLO security is adequate for non-sensitive 
> information but not adequate for sensitive information. I should note that 
> there are very few applications and systems available today that I consider 
> adequate for sensitive information, and MLO’s security is in my opinion 
> equal to or better than the majority of all productivity apps, most of 
> which I consider inadequate. I do not believe that there has been any 
> announcement or suggestion that MLO will be enhanced in the near future to 
> provide radically better security. From the other direction, there have 
> recently been a number of user requests for a web interface to allow MLO 
> users to view, change and create tasks, this would be a secured public 
> interface to the cloud database. In my view if the MLO developers build 
> such a thing it will effectively lower the level of security available for 
> your data.
>
> -Dwight
>
>  
>
>  
>
>  
>
> *From:* [email protected] <javascript:> [mailto:
> [email protected] <javascript:>] *On Behalf Of *Jonathan
> *Sent:* Friday, July 03, 2015 9:33 PM
> *To:* [email protected] <javascript:>
> *Subject:* [MLO] Local security
>
>  
>
> Hello,
>
>  
>
> please forgive me for possible mistakes in english
>
>  
>
> I was looking for similar posts but couldn`t find a spesific answer to my 
> small issue -
>
>  
>
> I understand from earlyer posts that the data is backuped and encrypted 
> between devises on MLO`s cloud service
>
>  
>
> but since I`m not a computer export I wanted to ask a more basic question:
>
>  
>
> assuming that I use the password protect feature, How secure is the 
> encryption on the computer itself, if any?
>
>  
>
> 1. MLO data file
>
> 2. Local Backups
>
> 3. advenced backups
>
>  
>
> *** I use 2 differente computers on work and prefer not to use it on a 
> flash drive
>
>  
>
> if one have access to the computer and wish to see my data, by mistake or 
> by porpuse, or a computer technician have access to computer/s etc - how 
> can they see the data if they relly want to?
>
>  
>
> I olso have my own MLO Pro in my home and it whoud even help me there, as 
> I`d like to be as relaxed as I can about this (even if it`s just paranoia, 
> which is not)
>
>  
>
> soppose It`s not good enough for my needs - do you have better 
> recomodations about better solution such as Axcrypt / Boxcrypter / 
> Truecrypt etc ?
>
>  
>
> (and I`m talking about backups too!)
>
>  
>
> if so - whould it not mess-up my wifi / cloud sync (right now I use cloud 
> service but this can change) or something?
>
>  
>
> I hope I was clear enough
>
>  
>
> THANKYOU in advence
>
>  
>
> regards
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "MyLifeOrganized" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to [email protected] <javascript:>.
> To post to this group, send email to [email protected] 
> <javascript:>.
> Visit this group at http://groups.google.com/group/mylifeorganized.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/mylifeorganized/a00952c0-308e-498d-a323-c0909ab784c7%40googlegroups.com
>  
> <https://groups.google.com/d/msgid/mylifeorganized/a00952c0-308e-498d-a323-c0909ab784c7%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"MyLifeOrganized" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/mylifeorganized.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/mylifeorganized/75f81e5f-bbb8-4d52-9762-9b9680c429e2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to