Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Why PRISM kills the cloud | Computerworld Blogs
From: Daniel Preussker <daniel () preussker net>
Date: Tue, 11 Jun 2013 08:28:28 +0200

+1 (including +1 for the 'rant' about cloud)

Daniel Preussker

[ Security Consultant, Network & Protocol Security and Cryptography
[ LPI & Novell Certified Linux Engineer and Researcher
[ +49 178 600 96 30
[ Daniel () Preussker Net
[ http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x87E736968E490AA1

On 11.06.2013, at 03:30, Jeffrey Walton wrote:

On Mon, Jun 10, 2013 at 9:15 PM, laurent gaffie
<laurent.gaffie () gmail com> wrote:
Why is the Prims program such a big deal today?  Most of us  knew about
echelon and the patriot act didn't we? This program was unconstitutional at
the first place and should have raised indignation when it was approved at
that time...

Below is my standard verbiage on clouds and backups to clouds.


clouds and drop boxes. If you don’t want your data analyzed,
inspected, shared, or mishandled, then don’t provide it in the first
place. Data migration includes backups, so ensure you are using the
proper attributes on your files. For Apple systems, the file should
have kCFURLIsExcludedFromBackupKey file property or
com.apple.MobileBackup extended attribute (see Technical Q&A QA1719
for details). Android applications should add android:allowBackup on
the application tag and set it to false in AndroidManifest.xml.
Windows’ integrated cloud backup is new, and there’s currently no way
for an application to back up to the cloud (and hence, no way to stop

A layman’s analysis of License Agreements and Terms and Conditions
will reveal how little security is afforded to your documents in cloud
storage. For those who don’t read them, one popular platform has 142
separate documents covering Terms of Conditions for its cloud
alone.[18] The documents discuss your rights if the company (1) gives
away your data, (2) shares you data with partners, (3) looses your
data, (4) provides your data to authorities (sometimes without an
order or warrant), (5) does not provide reasonable skill or care, (6)
commits willful misconduct or fraud, and (7) acts with negligence or
gross negligence. “Your rights” is misleading since it is consent, and
the document effectively states you indemnify the company: “You agree
to defend, indemnify and hold [company], its affiliates, subsidiaries,
directors, officers, employees, agents, partners, contractors, and
licensors harmless from any claim or demand, including reasonable
attorneys’ fees, made by a third party.”[19]

[18] iCloud Terms and Conditions,

Le 2013-06-10 19:46, "Ivan .Heca" <ivanhec () gmail com> a écrit :


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Attachment: PGP.sig
Description: This is a digitally signed message part

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]