<< Data was stolen from an Amazon Web Services-based storage bucket, which included more than 140,000 Social Security numbers >>
How about all of these 'data breach!!! data was taken OUT OF THE CLOUD!!!!' articles instead start with
"Data was PUT INTO Amazon Web Services, which is a sketchy private company with an extremely bad reputation owned by the world's richest man who is currently being blackmailed and who many Amazon users hope, against all the evidence, isn't a literal Bond Villain.."
If you put your company's secret data in the cloud, YOU ALREADY LOST CONTROL OF YOUR DATA
Cos it's in the Cloud.
That's what the Cloud is.
It's giving someone else control of your secret data.
That someone being someone who wants to rule the world.
You can kid yourself for a very long time that nobody who runs the Cloud is going to look at your secret data.
But it's a cutthroat business world, data is money, and you will never know if they did look.
They probably aren't looking! You hope.
@natecull If only there were mathematical systems in existence to ensure that your data were only accessible by authorized parties!
@digicana There..... aren't, though, that's the thing.
That's what I'm trying to get people to understand.
If you use purely cloud *storage*? Yes. You can encrypt data on your physical machine and then send it it through the Internet and store it in the Cloud.
If you use a cloud *compute* server? Hahaha lol no.
Your cloud server's RAM will have your decryption keys in it, because how else will it be able to compute?
Good luck. Maybe Secure Enclaves will save you. Maybe!
But see, the thing, is:
Cloud compute means we now have this MASSIVE concentration of all the world's data and compute in maybe three or four companies. All of whom want to have and keep VERY close relationships with US military and intelligence.
This is a very, very target rich environment for those agencies, should they want to... go fishing for, whatever.
It's like the perfect data crime. Who will know if you're scanning hypervisor RAM for keys? And the payoff? Near infinite.
@natecull @digicana side-channels 🤔 https://rambleed.com/
sure, but if your adversary *literally owns the physical computer*, their job of reading your RAM is a LOT easier.
It's just that for some reason nobody's threat model yet includes 'what if your tech infrastructure provider WAS your adversary?'
They certainly do if that provider is Huawei! But if it's American (and they're American, or even English-speaking non-US), they think it's fine.
Even if they also think the US President is literally owned by the Russian Mafia.
@natecull @digicana I meant it's possible that your can use these vulns for your own advantages. From this perspective the proliferation of scary side-channel attacks is not 100% bad. If everything runs on the cloud, users have nothing to lose, these vulns are actually giving some people a remote (but non-zero) chance to subvert massive concentration of three or four companies, and possibly even US military and intelligence. Here comes a new #cyberpunk plot.
@niconiconi @natecull I’m actually kinda curious how the big boys are handling all the speculative execution processor vulns. I mean no doubt they have mitigations, but I suspect it’s the nation states not the little guys who have effective tools to leverage these into workable exploits.
@digicana @natecull physical isolation, I guess.