Does this shock anyone? My reaction is "Well, no sh**" 25 years ago we would have taken to the streets rioting and protesting on a massive scale.
From: [email protected] [mailto:[email protected]] On Behalf Of Don Ely Sent: Thursday, June 06, 2013 10:29 AM To: ntsysadm Subject: Re: [NTSysADM] RE: Microsoft's 'Blue' servers And today, we bring you this... http://news.yahoo.com/blogs/ticket/us-govt-secretly-collecting-data-millions -verizon-users-013542225.html On Wed, Jun 5, 2013 at 10:53 AM, Jon Harris <[email protected]> wrote: Does not mean they are not looking into your cloud servers any more than you can be sure they are not reading your email. ACLU and EFF have been fighting the USG for years over their searching of email in-flight without warrants. IRS has been grabbing email the same way either in flight or stored on the web (cloud). Those are just what is known by the media what don't they know about? AP had their phone records searched and their text copied by the USG for months before anyone found out and even now they, USG, is denying they did any thing wrong. They have done all this without any warrants and in the first instance just grabbed all the email going through Internet routers without regard to who they were getting. Jon _____ From: [email protected] To: [email protected] Subject: RE: [NTSysADM] RE: Microsoft's 'Blue' servers Date: Wed, 5 Jun 2013 10:01:14 -0400 "We" the average citizen, may never know what has actually been "hacked or cracked" , however, I don't see any intelligence agency or other government institution , exposing the fact that have the capability of readliy cracking an AES cipher, just to arrest "joe blow inc." and shut them down- this is just my opinion. Jean-Paul Natola _____ From: [email protected] To: [email protected] Subject: RE: [NTSysADM] RE: Microsoft's 'Blue' servers Date: Wed, 5 Jun 2013 13:53:34 +0000 Yeah gotta agree with Ken's points on this one. Also AES 128 or better here. Z Edward E. Ziots, CISSP, CISA, Security +, Network + Security Engineer Lifespan Organization [email protected] Work:401-255-2497 This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. Description: Description: Lifespan From: [email protected] [mailto:[email protected]] On Behalf Of Jean-Paul N Sent: Wednesday, June 05, 2013 9:48 AM To: [email protected] Subject: RE: [NTSysADM] RE: Microsoft's 'Blue' servers the app has all the options from blowfish to des , 3des etc.. I personally use AES 256 Jean-Paul Natola _____ From: [email protected] To: [email protected] Subject: RE: [NTSysADM] RE: Microsoft's 'Blue' servers Date: Wed, 5 Jun 2013 04:50:11 +0000 Interesting. What encryption algorithm do you use, that you can guarantee that it's not going to be obsolete years, let alone decades from now? -- <http://au.linkedin.com/in/kschaefer> http://au.linkedin.com/in/kschaefer Typed on a Lenovo Helix - apologies for brevity From: [email protected] [mailto:[email protected]] On Behalf Of Jean-Paul N Sent: Wednesday, 5 June 2013 12:56 PM To: [email protected] Subject: RE: [NTSysADM] RE: Microsoft's 'Blue' servers Not sure how this plays into the scheme of things, but I deal with offsite data backup ( for exchange, ad, file servers etc...) except someone gives the authorities the encryption key, they will spend decades trying to decrypt the data). _____ From: [email protected] To: [email protected] Subject: RE: [NTSysADM] RE: Microsoft's 'Blue' servers Date: Wed, 5 Jun 2013 01:40:24 +0000 Governments that "don't play by the rules" aren't going to be stopped on your company's doorstop by some lawyers either. Governments like Russia's can find ways to throw you in jail for decades and steal your multi-billion dollar company (Khordorkovsky and Yukos) without too much trouble. Or assassinate you if you're not quite as high profile. And Russia's government isn't even particularly nasty in the global scheme of things. In fact, the only way I can see your method working is for each organisation to have their own data centres, with their own security guards and so on. Each time you contract someone else for data centre facilities you run the risk that they might let some "authority" in to take away your hardware or data. Organisations with plenty of legal firepower have been using 3rd party data centres for a long time, so there must be ways to manage this risk. I don't know what they are, but I can assure you that most major banks do not own their own DC facilities in every country that they're in. Cheers Ken From: [email protected] [mailto:[email protected]] On Behalf Of Jon Harris Sent: Wednesday, 5 June 2013 11:06 AM To: [email protected] Subject: RE: [NTSysADM] RE: Microsoft's 'Blue' servers I am trying to point out that not all governments will play totally by the rules. A search warrant, at least in the states, requires some proof of wrong doing along with a judges blessing. The warrant I am referring to is just a government letter saying we want access, and would potentially specify that the cloud vendor not tell their client that this is happening the agency does not even have to get a judges blessing on the search. I believe there have been a number of instances where this has happened already but I can't site any specifically. On premise data would at least be safer from that kind of thing happening. It is harder to have government agents walk up to a door of a company and tell them 'hey we demand access to all of your servers so that we can snoop around and see what you are doing' and not have a bunch of lawyers demanding to see the proof of wrong doing. A cloud vendor would not be in a position until all the legal challenges are done to tell those same government agents 'no' without incurring some liability. Once all the legal challenges are done and the cloud vendors have all the legal contracts in place and some sort of protection from the potential criminal liability then the cloud would be to some degree safer for companies to move to it. I am not condemning it's use just handing out an opinion as to this movement with less than critical thinking by SMB's. Jon _____ From: [email protected] To: [email protected] Subject: RE: [NTSysADM] RE: Microsoft's 'Blue' servers Date: Wed, 5 Jun 2013 00:41:35 +0000 I hate to say it but I see a lot of companies regretting the decision to jump to the web when some gov decides it can just issue a warrant and start searching that businesses digital material. What does "jumping to the web" have to do with cloud? If the authorities can get a warrant, they can just turn up at your door and seize your paper files if you insist on not having anything digital. Perhaps I'm a bit confused as to whether you're condemning (1) the use of digital media, (2) putting things onto the WWW, or (3) using a cloud provider. If it's either (1) or (2) I think you'd have a hard time convincing anyone that the risks and costs outweigh the benefits. Cheers Ken From: [email protected] [mailto:[email protected]] On Behalf Of Jon Harris Sent: Wednesday, 5 June 2013 10:17 AM To: [email protected] Subject: RE: [NTSysADM] RE: Microsoft's 'Blue' servers I hate to say it but I see a lot of companies regretting the decision to jump to the web when some gov decides it can just issue a warrant and start searching that businesses digital material. The IRS has been doing it with emails claiming they have the right to do it. It may not be the American gov that does this first (but I would not bet against it) and it will cost some company big time. I seem to also remember someone on the list a few months ago posting an article about a hack that allowed for cloud machines to be compromised if where were on the same hypervisor. Jon _____ From: [email protected] To: [email protected] Subject: RE: [NTSysADM] RE: Microsoft's 'Blue' servers Date: Wed, 5 Jun 2013 00:05:46 +0000 It won't happen overnight. But my prediction is that eventually the providers will, after grabbing the non-complex mass market, start going after industry verticals. They'll start with the low-hanging fruit (i.e. smaller firms that exist in just one jurisdiction). They'll get a bunch of lawyers, talk to regulators and so on, and start marketing a 'certified' solution for that industry - possibly with some level of indemnification. It's definitely customers who are pushing the "cloud" thing - even in some large FSI corps that I've colleagues in are pushing this. They're turning to their current outsourcers and asking "why can't I get the same flexibility/pricing/etc from you that I can get from Amazon?" "Why does it take you 6 weeks to give me a server whereas Amazon can give me one in 2 hours?" and so on. It's going to be a huge issue for HP/CSC/IBM, which is why they're scrambling to put together their own cloud offerings. VMWare's also sniffing around - touting their services business as a replacement for incumbent outsourcers. Cheers Ken From: [email protected] [mailto:[email protected]] On Behalf Of James Rankin Sent: Wednesday, 5 June 2013 1:07 AM To: [email protected] Subject: Re: [NTSysADM] RE: Microsoft's 'Blue' servers Hmmm, sounds like MS' approach is that they've decided that The Cloud is unavoidable, or will at least represent the "sensible choice" in future For dev and test environments, sure, and maybe smaller enterprises without regulatory requirements and/or no budget to spare for private infrastructure, but throw in any kind of data security and integrity - particularly anything that has implications related to storing information in other global jurisdictions - and I just get the feeling that it won't take off as much as everyone would have us believe. I'm also becoming less convinced of Microsoft's capability to respond to customer requirements, although to be honest that's exhibiting more in the consumer end at the moment than business. I'm not known as any kind of trend-predictor or tech commentator, though, so I'm just stating my gut feelings :-) On 4 June 2013 15:52, <[email protected]> wrote: They will never position it as something you HAVE to do or else (like Google). They are developing the technology so that when you're ready, it will be ready for your needs. The Cloud leader will be the one that can show "why" it makes sense to move, not that moving is the only choice. Sent from Microsoft Surface Pro From: James Rankin Sent: Tuesday, June 4, 2013 9:33 AM To: <mailto:[email protected]> [email protected] But the expectation is that "years later" everyone will go cloud-based of some sort? I can see that not flying for a lot of orgs - if MS take the "shove it down your throat regardless" option they did with some of the Win8 features, it might change the landscape somewhat Just my ill-informed and quickly-formulated opinion :-) On 4 June 2013 15:27, Michael B. Smith <[email protected]> wrote: Microsoft wants to drive you to the cloud. Some people will settle on a single version of the software and then move years later. There is no ostensible requirement to keep pace with Microsoft.
<<image001.jpg>>
