How do you automatically scan for malware in AES-256 encrypted files?
I am asking because Deutsche Post is offering something they call "E-PostBrief", which is seemingly encrypted but features a mandatory man-in-the-middle attack which is called 'malware scanner'. It's a joke honestly.
If the files are encrypted w/ AES, there's no scanner that could detect a virus in the file. Every file would be different depending on the AES key used to encrypt it.
The only way you're going to scan AES-encrypted files is before they are encrypted.
Hmm.. that's nice, but I don't care, this NSA/GCHQ nonsense has burnt me for cloud computing, sorry.
What needs to happen is that the market heavily punish, and legal teams sue back into the stone age, those companies that collaborated. Then we need some legal structure in place that is a little more than "we promise we won't screw you".
It doesn't matter that this lot are based in Finland, because unless there is a heavy price for collaboration, the second they get big, the government of [insert jurisdiction here] will pressure them to turn data over and there will be little incentive to push back.
We need cloud-like tools, but we need them to be open source and secure. The question is, can you trust that data stored on an online service is as secure as you're led to believe?
There is a perfectly legal and effective way of punishing NSA-collaborating companies: don't use their products.
I have a server with OwnCloud which I use for file and calendar sharing. Don't pay for the server and don't have my info stored at the NSA. Problem solved.
Now please don't tell me that you want to punish NSA-collaborators... and yet use a Microsoft or Apple box.
F-Secure have been selling locked down rebranded Dropbox clones for some time now; it's a little ironic to be all 'we believe in freedom' suddenly.
(For example, a typical custom client would let you 'backup' your content from one device to the cloud. No sharing, no multi-device sync, can't back up those video files because those might be infringing some kind of copyright).
Disclaimer: F-Secure sponsored HelsinkiJS which I run & I demoed StartHQ cloud search there a month ago - it's nice to have a tight community here in Finland.
PS. It's also nice to see something other than mobile games coming out of here.
Nothing new really, without more details it's really just Dropbox/Drive/etc but hosted in Finland.
The only file sync that actually looks interesting to me is btsync, mostly because it is on your own devices only and it uses BitTorrent for file transfers, something I know from personal experience is very efficient.
That video is awful. Other than some balloons with the Apple and Android logos on and a very vague voice over it could have been for anything.
They should have gone with the cute little "hand drawn" diagrams/animations that have been quite popular over the past few years. At least that way they can show me what this service does.
Well, not being under US jurisdiction helps a bunch. Finland has no (publicly known) questionable ties to US based or other intelligence services.
The problem, of course, is that the international data cables to/from Finland go through Russia and Sweden. The former probably has no legal obstacles inspecting all web traffic and the latter is a known partner with the US/NSA in data inspection/gathering.
I think there is a huge opportunity for a more secure cloud storage application with stringent design that provides no access to the data to the organization providing the service. Unfortunately F-Secure did not implement this, but instead created a service that provides 'automatic virus inspection for your files'. That is just too close to 'automatic general inspection of your files' for my taste.
I hear you. Personally, I don't need "automatic virus inspection" of my files. I know what I'm uploading. I'm the first person I think about sharing my files with. Most of what I keep is thesis related (documentation, code, articles, etc...). I store files on Dropbox, and e-mail myself thoughts I have not to forget, links, etc. I used to e-mail myself files, too, but Db took care of it.
Maybe I fail to see the benefit since I don't have an iPhone and I'm not on iTunes... And even then, isn't there a Dropbox mobile app?
Well, their USP (unique selling proposition) is that they are secure and that they respect your privacy.
From a functional/feature point of view, F-Secure's "Dropbox" is probably identical to their competitors'. Can "Fun" be objectively assessed? I doubt it. It's just confusing when you start off with important features such as security & privacy.
Why do I feel they cheapened that proposition by throwing in "Fun"?
Exactly. Here it is verbatim: "We like what Dropbox and SkyDrive do but where is the privacy and fun?". And I thought: "Are you kidding me?".
Like we're supposed to play with balloons and dance when uploading/downloading files and be all smiley. Fun? Seriously! I don't want it to be fun, I want it to be effectively done.
The promo video is really clumsy. Accusing a service of lacking privacy (how do you know?) and fun (really?) and furthermore, failing to tell how their service is more private (and fun?) just is clumsy.
Newbie marketing tactics, too: In my experience, the companies that accuse competitors' products of sucking, and fail to show how their own products are better aren't that great.
- How do they know Dropbox isn't fun? I find Dropbox great for what I want it to do.
- How do they know Dropbox isn't secure? And claiming theirs is, how do we know it really is and not just a claim? In other words, if I were to ask folks at younited: What is Dropbox not doing that you are? Don't give me "not secure" answers, get technical. If they don't, it's just defamation.
How do you measure privacy and security? Is there really anything secure... I always found that talking in absolutes really shady when it comes to security. I uninstalled McAfee ages ago after seeing a pop-up saying "total security" or something like that.
How can you guarantee privacy and security, when there are back-doors in the hardware itself? Then there's the user education (which you shouldn't count on), then there are the lines, then the ISP, and a whole bunch of routers and nodes and networks where the information passes.
I think the technical answer is that younited is aggregating your data across accounts such as Facebook, Dropbox, Picasa, etc. Dropbox doesn't do that, and it is actually nice to have all my data in one place.
However, IMHO, having everything in one place dramatically increases the responsibilities of that "place". And I don't think a simple "we promise we won't share your data with governments" is strong enough to gain our trust. After all, companies do change their ToS...
My main issue with Dropbox is that they aren't trustworthy.
How Dropbox lost my trust:
1) they flat-out lied in their promotional materials. They falsely claimed that data was kept encrypted and that they couldn't access it. They stopped claiming this only after a third-party revealed that it was a lie.
2) The CTO's reactions to major security flaws made crystal clear that he does not view loss exposures as a problem unless you suffer a loss.
3) The CTO's reactions to major security flaws made crystal clear that Dropbox prefers sweeping problems under the rug to transparency.
This has created a situation where a reasonable person can't ever really trust Dropbox.
Buzz-words and graphic design are like alcohol and barbiturates. Soon, someone will coin the expression "cloud measuring contest" and you'll actually hear people say "My cloud's better than yours".