Facebook is getting KILLED!


  • #31
    Re: Facebook is getting KILLED!

    Originally posted by lakedaemonian
    With fatter pipes and decent commercial grade encryption I don't see why it would hurt to put a good chunk of personal and business/financial data in the cloud as well as transparency with where your data is in the cloud.

    Having been through a number of events, I see the cost/convenience of using the cloud for many (if not all) things data related.

    While I'm sure it's possible for the likes of the NSA, GCSB, etc to crack commercial crypto on behalf of other organs of government are they going to bother with Joe 6 Pack?

    Also, how hard is it technically to build 3072-bit crypto and keys? I suspect far easier and cheaper than it is to brute force crack it.

    I would think about the only major thing standing in the way of high quality personal data encryption in the cloud would be the governments that want to see your data. It would be far easier to regulate/pressure industry away from developing cheap and easy idiot proof tools for the masses (or demand crypto keys) than it would be to deploy resources against it if we saw a major shift towards personal secure data clouds.
    Yes, encryption is ultimately critical, but the primary issue is central versus decentralized control. Distributed data & analysis capabilities means distributed social power.
    The greatest obstacle to discovery is not ignorance - it is the illusion of knowledge ~D Boorstin



    • #32
      Re: Facebook is getting KILLED!

      Originally posted by reggie
      Imagine having all of the social networking benefits without the centralized control and ownership...a peer to peer system with real security and privacy.
      Craigslist and FacePalm all in one!



      • #33
        Re: Facebook is getting KILLED!

        Originally posted by lakedaemonian
        With fatter pipes and decent commercial grade encryption I don't see why it would hurt to put a good chunk of personal and business/financial data in the cloud as well as transparency with where your data is in the cloud.

        Having been through a number of events, I see the cost/convenience of using the cloud for many (if not all) things data related.

        While I'm sure it's possible for the likes of the NSA, GCSB, etc to crack commercial crypto on behalf of other organs of government are they going to bother with Joe 6 Pack?

        Also, how hard is it technically to build 3072-bit crypto and keys? I suspect far easier and cheaper than it is to brute force crack it.
        Encryption is all well and good, but unless you're sending information just to yourself, you must actually decrypt at some point.

        And where will you decrypt? On someone's cell phone? On your own server acting as choke pipe to your cloud? Or as yet another floating program in the cloud?

        Don't get me wrong - cloud is perfectly fine for most applications. However, if you have any kind of sensitive data whether it is customer info, your own IP, or what not, it is really foolish to trust it to cloud.

        A cloud 'application', unless it has its own ridonkulous security, is easily spoofed into being used for purposes other than what its owner intends, because by design it is an independent entity.

        Do you know how difficult it is to build a software emulation wall around a piece of code or even hardware?



        • #34
          Re: Facebook is getting KILLED!

          Originally posted by c1ue
          Encryption is all well and good, but unless you're sending information just to yourself, you must actually decrypt at some point.

          And where will you decrypt? On someone's cell phone? On your own server acting as choke pipe to your cloud? Or as yet another floating program in the cloud?

          Don't get me wrong - cloud is perfectly fine for most applications. However, if you have any kind of sensitive data whether it is customer info, your own IP, or what not, it is really foolish to trust it to cloud.

          A cloud 'application', unless it has its own ridonkulous security, is easily spoofed into being used for purposes other than what its owner intends, because by design it is an independent entity.

          Do you know how difficult it is to build a software emulation wall around a piece of code or even hardware?
          My understanding of crypto revolves mostly around closed system military coms.

          But I have had a play with personal use PGP type email/data crypto.

          I am also aware there are a number of ways to penetrate encryption beyond just brute forcing older/weaker crypto, as well as attacking system vulnerabilities.

          Systems already exist to better ensure data security and there would be thousands of engineers around the world with considerable experience designing/building/maintaining/cracking crypto and the systems built around it.

          Surely someone, somewhere has developed (or could if so inclined) a fairly elegant means of sharing data securely between two or more parties with ease that possesses a high enough level of security balanced against inherent vulnerabilities.

          While I'm sure you know the challenges presented better than I, systems such as these already exist.

          ANY communication of sensitive data, no matter how closely circulated and how well encrypted, is at risk of compromise.

          I'd think the majority of folks and companies would be comfortable right now with the prospect of their data encrypted to a standard that should be secure for another 20-30 years at current rate of advance.

          Most folks would be happy with being the "grey man" having their data encrypted and hidden in plain sight. So many people have compromised computers due to malware, but how many are actually penetrated and used in any meaningful way?

          It's like the failure of 1984......watching everyone is quite labour intensive.....mining attacked/compromised data takes time.

          Government and criminals often go after the low hanging fruit......but most people's data would probably be in the realm of a worm ridden cherry at the top of the tree.

          Risk/reward, economy of effort, return on investment.

          I understand the points about crypto vulnerabilities from points all around the compass.....but most people aren't worth the effort to attack.....mediocre to decent upgradeable crypto for the masses would put more folks in the realm of having a giant rottweiler or two to guard against a home data invasion.

          I'm no expert, but it makes sense to me.



          • #35
            Re: Facebook is getting KILLED!

            Originally posted by lakedaemonian
            My understanding of crypto revolves mostly around closed system military coms.
            With closed system military coms, you control the hardware, software and OS, if not the personnel accessing said hardware and software.

            With real life applications and cloud, you only control some of the software. You don't control anything else.

            Originally posted by lakedaemonian
            Systems already exist to better ensure data security and there would be thousands of engineers around the world with considerable experience designing/building/maintaining/cracking crypto and the systems built around it.

            Surely someone, somewhere has developed (or could if so inclined) a fairly elegant means of sharing data securely between two or more parties with ease that possesses a high enough level of security balanced against inherent vulnerabilities.
            If the information in question is never actually accessed by the public, you can control security better though not at all necessarily well - as the LinkedIn, Facebook, and myriad other examples indicate.

            If, on the other hand, you're exposing your information to the public because it is the service you provide, it is far more difficult to protect.

            Developers have access to all sorts of debugging tools out there that can take a mobile app, stick it inside a shell, and allow anyone to monitor literally everything going in and out of the app. Obviously for such a situation the ability to protect data is far more difficult because not only are the inputs into the program controlled but the direct output is also visible. This is one of the ways by which game programs are cracked - a monitoring tool can literally highlight the section of the program which is activated when the security routines are live.

            For more complex software, the same capability exists but is less useful because of greater complexity - besides which most of the gigantic bloated windows programs survive not because of functionality but because of market domination.

            So to answer your assumptions: a 20 or 30 year crack time is the theoretical upper limit should no information be available.

            If you can directly control inputs and monitor outputs, the result is far, far quicker.

            Equally the fact that there are so many copies floating around - which as the owner you have zero control over - means so much less security.

            Read over your cloud agreement. More than likely - in fact over 80% of them - the cloud provider expressly does not accept responsibility for security of data entrusted to the cloud.

            As a cloud user, you also have zero visibility into what security practices (or lack thereof) the cloud provider employs.

            Lastly crypto is worthless in the cloud context. Just as the software itself can have an emulation environment built around it, so equally can the encryption/decryption subroutines have the same type of emulation built around it. So long as any user has to access software in order to encrypt/decrypt - that software and its key(s) must be protected in order to maintain exclusivity. When you're sending data back and forth across the cloud, exclusivity is impossible. Thus if you're actually using the cloud for anything except dead record storage, there is an entire chain of vulnerabilities which can be exploited.

            But hey, keep on truckin'



            • #36
              Re: Facebook is getting KILLED!

              Originally posted by c1ue
              With closed system military coms, you control the hardware, software and OS, if not the personnel accessing said hardware and software.

              With real life applications and cloud, you only control some of the software. You don't control anything else.



              If the information in question is never actually accessed by the public, you can control security better though not at all necessarily well - as the LinkedIn, Facebook, and myriad other examples indicate.

              If, on the other hand, you're exposing your information to the public because it is the service you provide, it is far more difficult to protect.

              Developers have access to all sorts of debugging tools out there that can take a mobile app, stick it inside a shell, and allow anyone to monitor literally everything going in and out of the app. Obviously for such a situation the ability to protect data is far more difficult because not only are the inputs into the program controlled but the direct output is also visible. This is one of the ways by which game programs are cracked - a monitoring tool can literally highlight the section of the program which is activated when the security routines are live.

              For more complex software, the same capability exists but is less useful because of greater complexity - besides which most of the gigantic bloated windows programs survive not because of functionality but because of market domination.

              So to answer your assumptions: a 20 or 30 year crack time is the theoretical upper limit should no information be available.

              If you can directly control inputs and monitor outputs, the result is far, far quicker.

              Equally the fact that there are so many copies floating around - which as the owner you have zero control over - means so much less security.

              Read over your cloud agreement. More than likely - in fact over 80% of them - the cloud provider expressly does not accept responsibility for security of data entrusted to the cloud.

              As a cloud user, you also have zero visibility into what security practices (or lack thereof) the cloud provider employs.

              Lastly crypto is worthless in the cloud context. Just as the software itself can have an emulation environment built around it, so equally can the encryption/decryption subroutines have the same type of emulation built around it. So long as any user has to access software in order to encrypt/decrypt - that software and its key(s) must be protected in order to maintain exclusivity. When you're sending data back and forth across the cloud, exclusivity is impossible. Thus if you're actually using the cloud for anything except dead record storage, there is an entire chain of vulnerabilities which can be exploited.

              But hey, keep on truckin'
              I see your points and have a basic understanding of the vulnerabilities from all points of the compass......such as even theoretically crackproof crypto still being vulnerable if everything working in support of it is a potential vulnerability.

              I guess I've been looking at it from an individual file security perspective.

              Such as creating/encrypting/uploading/storing/retrieving/decrypting/using a SINGLE file...as opposed to looking at it from a more likely and more common continuous realtime/streaming encryption communication perspective that is always running in the background.



              • #37
                Re: Facebook is getting KILLED!

                Originally posted by c1ue
                Taken together, these two graphs show that even the so called 'insiders' buying on the private markets likely are losing money - as most of the Second Market transactions are 2011 or later.
                You're right. See this from the WSJ, hosted on Yahoo.
                http://finance.yahoo.com/news/facebo...221800567.html



                • #38
                  Re: Facebook is getting KILLED!

                  Originally posted by sunpearl71
                  You're right. See this from the WSJ, hosted on Yahoo. http://finance.yahoo.com/news/facebo...221800567.html
                  The purge of funds is on. I guess they thought they were insiders. But in this system, everyone eventually is ostracized.
                  The greatest obstacle to discovery is not ignorance - it is the illusion of knowledge ~D Boorstin



                  • #39
                    Re: Facebook is getting KILLED!

                    This just in... Facebook slammed with Canadian class-action lawsuit over IPO

                    http://business.financialpost.com/20...suit-over-ipo/

                    On a slight tangent in this thread...

                    C1ue said:
                    "With closed system military coms, you control the hardware, software and OS, if not the personnel accessing said hardware and software."
                    Not exactly. Do some google searches, a very large percentage of all US military hardware is still made in China, and I'm talking even fighter jet and missile electronics. Also, while Microsoft has its origins in the USA, much of the programming now occurs overseas, and while NSA has its own version of Linux, they are not really in full control of those OS's. Also the US military doesn't build much of its software, it's outsourced to 3rd parties, including Canadian ones; but my point there being, if those 3rd parties are penetrated, then US military can't claim 100% control even at layer 7 (application layer).


                    Also as per lakedaemonian's comment that the average joe is not something the government/military care about in terms of breaking encryption - that is incorrect. The main reason is because they don't know which USA residents could be plotting tarrorrism (yes I spelt it wrong on purpose, otherwise the NSA will flag this.. oh damn it I used "NSA".. oh twice. arG). We had another thread here in the Select news section, where I mentioned that the NSA has a $2 Billion budget to create the world's largest spy center focused on decrypting *** ALL *** public Internet traffic, as well as investing in quantum computer organizations to break such encryption on the fly.
                    Last edited by Adeptus; June 08, 2012, 07:29 PM.
                    Warning: Network Engineer talking economics!



                    • #40
                      Re: Facebook is getting KILLED!

                      Originally posted by Adeptus
                      Do some google searches, a very large percentage of all US military hardware is still made in China, and I'm talking even fighter jet and missile electronics.
                      If you refer to the capacitors and similar PCB grade components, you are likely correct.

                      However, there really isn't a whole lot you can do to subvert these types of components - especially since they have to be tested anyway.

                      To say that the actual systems are made in China - I 100% disagree. There is a nation which makes a lot of US defense systems and components - it is Japan.

                      There are real issues with made out of USA in defense, but they are related to the semiconductor ICs. While PCB parts can be and must be tested, the ICs are far harder to test.

                      30 years ago, adding a few extra circuits into an IC would be obvious and easily detected. Today, with ever increasingly complex ICs, adding even 10,000 extra logic gates into a typical IC would be a 0.5% or smaller difference in area.

                      And this matters, because the US increasingly buys its ICs from abroad - because the number of wafer fabs in the US are ever increasingly fewer. While most of these foreign ICs come from US allies like Taiwan and South Korea, at the same time the entire wafer IC fabrication chain is composed of literally tens and hundreds of thousands of foreign nationals.

                      Does TSMC or Samsung vet its employees for loyalty to the US?

                      It is more than theoretically possible for a small team in a foreign fab to insert extra control or failure modes into any IC - just as it was possible for the US/Siemens to insert extra modes into the microcontrollers in the Stuxnet incident.

                      A last note: the US is by far the leader in the use of ever increasingly complex electronics.
                      Last edited by c1ue; June 09, 2012, 01:16 PM.
