And today, we bring you this... http://news.yahoo.com/blogs/ticket/us-govt-secretly-collecting-data-millions-verizon-users-013542225.html
On Wed, Jun 5, 2013 at 10:53 AM, Jon Harris <[email protected]> wrote: > Does not mean they are not looking into your cloud servers any more than > you can be sure they are not reading your email. ACLU and EFF have been > fighting the USG for years over their searching of email in-flight without > warrants. IRS has been grabbing email the same way either in flight or > stored on the web (cloud). Those are just what is known by the media what > don't they know about? AP had their phone records searched and their text > copied by the USG for months before anyone found out and even now they, > USG, is denying they did any thing wrong. They have done all this without > any warrants and in the first instance just grabbed all the email going > through Internet routers without regard to who they were getting. > > Jon > > ------------------------------ > From: [email protected] > > To: [email protected] > Subject: RE: [NTSysADM] RE: Microsoft's 'Blue' servers > Date: Wed, 5 Jun 2013 10:01:14 -0400 > > "We" the average citizen, may never know what has actually been "hacked or > cracked" , however, I don't see any intelligence agency or other government > institution , exposing the fact that have the capability of readliy > cracking an AES cipher, just to arrest "joe blow inc." and shut them down- > this is just my opinion. > > > > > > > > > > > > Jean-Paul Natola > > > > ------------------------------ > From: [email protected] > > To: [email protected] > Subject: RE: [NTSysADM] RE: Microsoft's 'Blue' servers > Date: Wed, 5 Jun 2013 13:53:34 +0000 > > Yeah gotta agree with Ken’s points on this one. > > > > Also AES 128 or better here. > > > > Z > > > > Edward E. Ziots, CISSP, CISA, Security +, Network + > > Security Engineer > > Lifespan Organization > > [email protected] > > Work:401-255-2497 > > > > > > This electronic message and any attachments may be privileged and > confidential and protected from disclosure. If you are reading this > message, but are not the intended recipient, nor an employee or agent > responsible for delivering this message to the intended recipient, you are > hereby notified that you are strictly prohibited from copying, printing, > forwarding or otherwise disseminating this communication. If you have > received this communication in error, please immediately notify the sender > by replying to the message. Then, delete the message from your computer. > Thank you. > > *[image: Description: Description: Lifespan]* > > > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Jean-Paul N > *Sent:* Wednesday, June 05, 2013 9:48 AM > > *To:* [email protected] > *Subject:* RE: [NTSysADM] RE: Microsoft's 'Blue' servers > > > > the app has all the options from blowfish to des , 3des etc.. > I personally use AES 256 > > > > > > > > > > > > Jean-Paul Natola > > > ------------------------------ > > From: [email protected] > To: [email protected] > Subject: RE: [NTSysADM] RE: Microsoft's 'Blue' servers > Date: Wed, 5 Jun 2013 04:50:11 +0000 > > Interesting. What encryption algorithm do you use, that you can guarantee > that it’s not going to be obsolete years, let alone decades from now? > > > > -- > > http://au.linkedin.com/in/kschaefer > > Typed on a Lenovo Helix – apologies for brevity > > > > > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Jean-Paul N > *Sent:* Wednesday, 5 June 2013 12:56 PM > *To:* [email protected] > *Subject:* RE: [NTSysADM] RE: Microsoft's 'Blue' servers > > > > Not sure how this plays into the scheme of things, but I deal with offsite > data backup ( for exchange, ad, file servers etc...) except someone gives > the authorities the encryption key, they will spend decades trying to > decrypt the data). > ------------------------------ > > From: [email protected] > To: [email protected] > Subject: RE: [NTSysADM] RE: Microsoft's 'Blue' servers > Date: Wed, 5 Jun 2013 01:40:24 +0000 > > Governments that “don’t play by the rules” aren’t going to be stopped on > your company’s doorstop by some lawyers either. > > > > Governments like Russia’s can find ways to throw you in jail for decades > and steal your multi-billion dollar company (Khordorkovsky and Yukos) > without too much trouble. Or assassinate you if you’re not quite as high > profile. And Russia’s government isn’t even particularly nasty in the > global scheme of things. > > > > In fact, the only way I can see your method working is for each > organisation to have their own data centres, with their own security guards > and so on. Each time you contract someone else for data centre facilities > you run the risk that they might let some “authority” in to take away your > hardware or data. Organisations with plenty of legal firepower have been > using 3rd party data centres for a long time, so there must be ways to > manage this risk. I don’t know what they are, but I can assure you that > most major banks do not own their own DC facilities in every country that > they’re in. > > > > Cheers > > Ken > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Jon Harris > *Sent:* Wednesday, 5 June 2013 11:06 AM > *To:* [email protected] > *Subject:* RE: [NTSysADM] RE: Microsoft's 'Blue' servers > > > > I am trying to point out that not all governments will play totally by the > rules. A search warrant, at least in the states, requires some proof of > wrong doing along with a judges blessing. The warrant I am referring to is > just a government letter saying we want access, and would potentially > specify that the cloud vendor not tell their client that this is happening > the agency does not even have to get a judges blessing on the search. I > believe there have been a number of instances where this has happened > already but I can't site any specifically. On premise data would at least > be safer from that kind of thing happening. It is harder to have > government agents walk up to a door of a company and tell them 'hey we > demand access to all of your servers so that we can snoop around and > see what you are doing' and not have a bunch of lawyers demanding to see > the proof of wrong doing. A cloud vendor would not be in a position until > all the legal challenges are done to tell those same government agents 'no' > without incurring some liability. Once all the legal challenges are done > and the cloud vendors have all the legal contracts in place and some sort > of protection from the potential criminal liability then the cloud would > be to some degree safer for companies to move to it. I am not condemning > it's use just handing out an opinion as to this movement with less than > critical thinking by SMB's. > > Jon > > ------------------------------ > > From: [email protected] > To: [email protected] > Subject: RE: [NTSysADM] RE: Microsoft's 'Blue' servers > Date: Wed, 5 Jun 2013 00:41:35 +0000 > > I hate to say it but I see a lot of companies regretting the decision to > jump to the web when some gov decides it can just issue a warrant and start > searching that businesses digital material. > > > > > > What does “jumping to the web” have to do with cloud? If the authorities > can get a warrant, they can just turn up at your door and seize your paper > files if you insist on not having anything digital. > > > > Perhaps I’m a bit confused as to whether you’re condemning (1) the use of > digital media, (2) putting things onto the WWW, or (3) using a cloud > provider. If it’s either (1) or (2) I think you’d have a hard time > convincing anyone that the risks and costs outweigh the benefits. > > > Cheers > > Ken > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Jon Harris > *Sent:* Wednesday, 5 June 2013 10:17 AM > *To:* [email protected] > *Subject:* RE: [NTSysADM] RE: Microsoft's 'Blue' servers > > > > I hate to say it but I see a lot of companies regretting the decision to > jump to the web when some gov decides it can just issue a warrant and start > searching that businesses digital material. The IRS has been doing it with > emails claiming they have the right to do it. It may not be the American > gov that does this first (but I would not bet against it) and it will > cost some company big time. > > I seem to also remember someone on the list a few months ago posting an > article about a hack that allowed for cloud machines to be compromised if > where were on the same hypervisor. > > Jon > > ------------------------------ > > From: [email protected] > To: [email protected] > Subject: RE: [NTSysADM] RE: Microsoft's 'Blue' servers > Date: Wed, 5 Jun 2013 00:05:46 +0000 > > It won’t happen overnight. But my prediction is that eventually the > providers will, after grabbing the non-complex mass market, start going > after industry verticals. They’ll start with the low-hanging fruit (i.e. > smaller firms that exist in just one jurisdiction). They’ll get a bunch of > lawyers, talk to regulators and so on, and start marketing a ‘certified’ > solution for that industry – possibly with some level of indemnification. > > > > It’s definitely customers who are pushing the “cloud” thing – even in some > large FSI corps that I’ve colleagues in are pushing this. They’re turning > to their current outsourcers and asking “why can’t I get the same > flexibility/pricing/etc from you that I can get from Amazon?” “Why does it > take you 6 weeks to give me a server whereas Amazon can give me one in 2 > hours?” and so on. It’s going to be a huge issue for HP/CSC/IBM, which is > why they’re scrambling to put together their own cloud offerings. VMWare’s > also sniffing around – touting their services business as a replacement for > incumbent outsourcers. > > > > Cheers > > Ken > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *James Rankin > *Sent:* Wednesday, 5 June 2013 1:07 AM > *To:* [email protected] > *Subject:* Re: [NTSysADM] RE: Microsoft's 'Blue' servers > > > > Hmmm, sounds like MS' approach is that they've decided that The Cloud is > unavoidable, or will at least represent the "sensible choice" in future > > > > For dev and test environments, sure, and maybe smaller enterprises without > regulatory requirements and/or no budget to spare for private > infrastructure, but throw in any kind of data security and integrity - > particularly anything that has implications related to storing information > in other global jurisdictions - and I just get the feeling that it won't > take off as much as everyone would have us believe. > > > > I'm also becoming less convinced of Microsoft's capability to respond to > customer requirements, although to be honest that's exhibiting more in the > consumer end at the moment than business. > > > > I'm not known as any kind of trend-predictor or tech commentator, though, > so I'm just stating my gut feelings :-) > > > > > On 4 June 2013 15:52, <[email protected]> wrote: > > They will never position it as something you HAVE to do or else (like > Google). They are developing the technology so that when you’re ready, it > will be ready for your needs. The Cloud leader will be the one that can > show “why” it makes sense to move, not that moving is the only choice. > > > > Sent from Microsoft Surface Pro > > > > *From:* James Rankin > *Sent:* Tuesday, June 4, 2013 9:33 AM > *To:* [email protected] > > > > But the expectation is that "years later" everyone will go cloud-based of > some sort? > > > > I can see that not flying for a lot of orgs - if MS take the "shove it > down your throat regardless" option they did with some of the Win8 > features, it might change the landscape somewhat > > > > Just my ill-informed and quickly-formulated opinion :-) > > > > On 4 June 2013 15:27, Michael B. Smith <[email protected]> wrote: > > Microsoft wants to drive you to the cloud. > > > > Some people will settle on a single version of the software and then move > years later. There is no ostensible requirement to keep pace with Microsoft. > >
<<image001.jpg>>
