tech

Microsoft warns thousands of cloud customers of data vulnerability

22 Comments

The requested article has expired, and is no longer available. Any related articles, and user comments are shown below.

© 2021 AFP

©2021 GPlusMedia Inc.

22 Comments
Login to comment

Live by the cloud, die by the cloud. Nothing can change that.

Beware that cloudy services are just running your code on someone else's computers, connected to someone else's storage at the end of someone else's network.

There are things that are perfect for cloudy deployments. Anything you want to share, for free, with the world belongs on a cloudy service. Everything else ... not so much.

Sensitive data should never be placed in any cloudy DB.

11 ( +11 / -0 )

LOL!!! Tell us something new!!! Cloud storage has never been safe and never will be. One got to protect files yourself by encrypting everything with PGP or something similar before uploading.

4 ( +4 / -0 )

Relax. It was just to allow Apple to check it.

Personally, I think you should never let your data leave your own systems. But if you do use cloud storage, encrypt everything, and do the encryption yourself before it leaves your kit.

6 ( +6 / -0 )

recently discovered flaw that left their data vulnerable for an extended period

"Microsoft only emailed customers that were affected during our short (approximately weeklong) research period," Wiz said. "However... the vulnerability has been exploitable for at least several months, possibly years."

.

Possibly the vulnerability been in it since it was launched.

.

The U.S. tech company has recently suffered a series of security issues

.

Recently ! like every few months a security issue comes out

.

Earlier this year, Microsoft disclosed that a state-sponsored hacking group operating out of China was exploiting security flaws in its Exchange email services, a potentially devastating hack believed to have affected at least 30,000 Microsoft email servers in government and private networks.

The company was then also attacked by the suspected Russian group behind the 2020 hack of the SolarWinds software company.

.

Why does MS not simplify windows and reduce the number of holes it still has to be exposed.

.

ways to fight ransomware attacks and defend cloud computing systems from hackers.

.

Best way is to use something other than windows.

2 ( +3 / -1 )

There entire reason to be is gone. Like a change room with see through glass. Pathetic.

3 ( +3 / -0 )

theFu

Correct.

I warned my IT colleges over a decade ago when cloud computing was in it's infancy that it would never be secure and always giving your data to unknown or even known entities gives short term savings for lack control and of long term security.

Leave the cloud to free and universal data only. Nobody takes security of your data as serious as you do. And if you dont take it serious then your destined to be hacked or lose it in the cloud.

4 ( +4 / -0 )

On the OneDrive there is a separate file vault requiring a password.

-2 ( +0 / -2 )

Memorize your data or use pen and paper and wear it near your body. Everything else is less safe and in fact like a publicly open book or diary. lol

-1 ( +0 / -1 )

Got my own personal cloud, I don't trust these big tech companies and I especially don't trust the government.

0 ( +2 / -2 )

bass4funk

Got my own personal cloud, I don't trust these big tech companies and I especially don't trust the government.

How does that work?

I can access my computer and drives from any of my devices so that is also a personal cloud.

1 ( +1 / -0 )

I use Amber X

0 ( +0 / -0 )

Amber X sounds good. Bit expensive but you also need to be backing up your data. No off site?

0 ( +0 / -0 )

This Amber X doesn't look to be true "cloud" storage, which is when applications are disbursed over multiple servers, making it quickly accessible from various locations in the world rather than from a centralized location. However, "cloud" is often used to refer to something accessible from the internet. Amber X looks to be a remotely accessible network storage. I like the idea for the home user.

0 ( +0 / -0 )

I use Apple cloud storage for pictures. Handy and safe.

1 ( +2 / -1 )

i quit all-time-problematic windows a decade ago and yes i have never regretted it.

1 ( +1 / -0 )

Many commenters in the discussion here seem to have absolutely no or superficial IT knowledge and have no idea what the topic is about. And it is not about Winblows vs Linux/Mac.

2 ( +2 / -0 )

Amber X is crowd-funded and they are only just starting to ship to the first backers.

0 ( +0 / -0 )

Amber X is crowd-funded and they are only just starting to ship to the first backers.

It doesn't seem to be be a cloud as such, just the next logical step to the external hard drive that we've been using for years. However, it is a good idea.

0 ( +0 / -0 )

Don't store anything to the cloud that you want to keep confidential. Hackers are more than welcome to look at photos of my dog!

0 ( +0 / -0 )

Got my own personal cloud, I don't trust these big tech companies and I especially don't trust the government.

I've had access to my systems remotely for decades over ssh/sftp/sshfs or using a VPN (the server runs on my systems at home). Authentication uses keys, never passwords.

Be very careful using "cloud" storage inside your that can be accessed from the outside if you don't know what a registrar and dns and vpn are. If you don't setup these things yourself, then someone else has access.

All those remote desktop things that are really easy to use 99% of the time are a security failure waiting to be cracked. LogMeIn or RDP or VNC are all terrible for security.

"Security" isn't a check box to toggle on or off. Security is only possible using multiple layers of blocks, careful choices about authentication and preventing 99.999999% of the world from having any access at all. If only 10 devices should be able to access your home storage, then don't allow any other devices to even see it.

0 ( +0 / -0 )

BTW, a raspberry pi v3 with 1 external USB "desktop" HDD can be used for this. Say $50 for the HDD and $40 for the Pi.

Domain registration is less than $10/yr (not strictly required) and your home router can almost certainly forward a high tcp port to the Pi to provide ssh, scp, sftp, rsync, sshfs and x2go remote access. Many "dns forwarder" services are free - check out no-ip and many routers will have a page to enter the dns-forwarder service and so any IP changes cause an update.

For debian-based systems, to install and initially configure the main services,

sudo apt install ssh fail2ban rsync sshfs

ssh-key creation happens on the clients, so it is different. For Unix-based clients, use these 2 commands:

Step 1: Run on the client as the normal user:

  $ ssh-keygen -t ed25519

Step 2: Run from the client to the server:

  $ ssh-copy-id -i ~/.ssh/id_ed25519.pub username@remote

From that point on, ssh-based connections of any sort will be key authenticated. This is the only time that I know where security is both massively improved AND easier to use.

0 ( +0 / -0 )

Security and accessibility needs to be proportionate to your needs. If you only have cat photos, you don't need to start learning Linux, and you are unlikely to be hacked by elite Russian cyber units. Simply having a couple of backups is actually more important. You do have backups, don't you?

Network Addressed Storage (NAS) devices have been around for a while. It can help to get one with two drives, mirroring your data as a backup (a very simple RAID array). Even then, your backup is a bit close to your main drive. Ideally you need two backup drives in different places. They can all be local to you, but do keep one in a water/fire/theft/nuke-proof box. Or surround it with old Nokia phones. End to end encryption is always good.

Amber X looks to have nice, punter-friendly software. Maybe too nice. Making it easy to share music and video might get you (or them) into bother.

Ultimately, the problem is that your NAS drive has to be on and connected somewhere for you to access it, via your connection. Power goes down. ISP connections go down. Even infrastructure can go down. And almost anything can be blocked.

Keeping a copy of the stuff you need with you, encrypted, on a shock-proof external hard drive or memory card, may remain a good idea should you be travelling.

0 ( +0 / -0 )

Login to leave a comment

Facebook users

Use your Facebook account to login or register with JapanToday. By doing so, you will also receive an email inviting you to receive our news alerts.

Facebook Connect

Login with your JapanToday account

User registration

Articles, Offers & Useful Resources

A mix of what's trending on our other sites