The Internet of Ransomware Things


Userlevel 7
Badge +54
I saw this on Twitter this evening, I do not know who the author was but whoever you are you did a brilliant job and I hope you do not mind me sharing it.
 
 


27 replies

Userlevel 7


 
Now that is taking the Internet of Things too far! LOL
Sums up very neatly why I do not like the idea of the "Internet of All Things" or, indeed, the new fad of moving all and sundry to the Cloud !!! 😠
Userlevel 7
Badge +62
Thanks for sharing @  I enjoyed this cartoon very much!
Userlevel 7
IMHO the Cloud is a fiction in the sensse that it is nothing more than remote hardware...and the main thing there is who responsible for security, do they know, acknowkedge this and then act upon it.
 
The IoT is very different and therefore the issues are very different and much less under our control...and so that is much 'ess safe.
 
 
@ wrote:
IMHO the Cloud is a fiction in the sensse that it is nothing more than remote hardware
 
Clearly! The word is a (kind of) metaphor and therefore per se "a fiction" (thus "IMHO" not necessary here! IMHO ;)).
 
But as I said and as you say, there are clear security issues here:
@ wrote:
...and the main thing there is who responsible for security, do they know, acknowkedge this and then act upon it.
 Dropbox, to mention just one victim...
I'm sure others better informed than me can mention, without need for reflection, others.
Userlevel 7
Badge +54
@ wrote:
IMHO the Cloud is a fiction in the sensse that it is nothing more than remote hardware...and the main thing there is who responsible for security, do they know, acknowkedge this and then act upon it.
 
The IoT is very different and therefore the issues are very different and much less under our control...and so that is much 'ess safe.
 
 
You are exactly right Baldrick.
Well clearly there's something I haven't understood here because, to my mind, in both cases we're ceding control to a wirelessly or internet-ly remote device or system, and depending on someone else for the robustness of that device or system against data and ID theft (cloud) or hacking attacks (IoT). To the extent that the system in the cloud or the IoT device is not robustly designed or protected, we are opening ourselves to vulnerability.
 
What haven't I understood??
Userlevel 7
Badge +62
@ wrote:
Well clearly there's something I haven't understood here because, to my mind, in both cases we're ceding control to a wirelessly or internet-ly remote device or system, and depending on someone else for the robustness of that device or system against data and ID theft (cloud) or hacking attacks (IoT). To the extent that the system in the cloud or the IoT device is not robustly designed or protected, we are opening ourselves to vulnerability.
 
What haven't I understood??
I agree with all of what you have stated @...so I must be misunderstanding things myself. But between you (Muddy)and Baldrick I get disoriented. 😃
 
I do trust the Webroot Cloud but I am very leary of online Cloud backups. Like Amazon Cloud was hacked and that was where some of my music was stored that I purchased. So...:@
Or maybe it's not us who are misunderstanding?? I just don't know...
 
Speaking of photos, think of all those private nude photos of celebrities from the Cloud (Amazon also??) that were hacked and then posted online. Is that not an extremely serious matter?? Is that (more) "under (that person's/celebrity's) control"? Is that "less (un)safe"? Which is worse?? Being a victim of ransomware or having your very private nude photos posted online for everyone and anyone to ogle at?
 
And talking of private data in the Cloud, how many people worldwide who we will never know about have been blackmailed because of financially or sexually or whatever compromising data? What is the difference between that and ransomware? And which, I dare anyone to pronounce, is worse?
 
No, I think the Cloud is potentially just as dangerous as IoT (if not more). At least, that's my two cents worth until someone shows me otherwise.
Userlevel 7
Badge +62
@ wrote:
Or maybe it's not us who are misunderstanding?? I just don't know...
 
Speaking of photos, think of all those private nude photos of celebrities from the Cloud (Amazon also??) that were hacked and then posted online. Is that not an extremely serious matter?? Is that (more) "under (that person's/celebrity's) control"? Is that "less (un)safe"? Which is worse?? Being a victim of ransomware or having your very private nude photos posted online for everyone and anyone to ogle at?
 
And talking of private data in the Cloud, how many people worldwide who we will never know about have been blackmailed because of financially or sexually or whatever compromising data? What is the difference between that and ransomware? And which, I dare anyone to pronounce, is worse?
 
No, I think the Cloud is potentially just as dangerous as IoT (if not more). At least, that's my two cents worth until someone shows me otherwise.
Well I was waiting for you to respond.. :D
 
What can one say to all that that you have just posted? hmmm..It is just a crazy world out there and all we can do is protect ourselves the best way we can.
 
Protect ourselves from any kind of Ransomeware. To me it's all the same. Financially,, blackmailing...compromising ones data. ..etc..The end result is just as devasting .... We cannot be proected 100% from the online Clouds out there. Why use the the Cloud for personal information in the first place? But people do because they are naive and believe one will be protected while using the Clouds...Clouds claim they are safe..really?
 
To me I agree that the Clouds are dangerous AND are lacking protection from hacking and/or Ransomeware. It's devasting when this happens in all kinds of forms. We can either use these Clouds or choose not to. It's as simple as that.
 
Being online is a risk everyday  subjecting oneself to Cloud backups are just asking for it. IMO ;)
 
I just know I am uncomfortable using Clouds...except for Webroot of course. :D
 
Userlevel 7
Cloud access, especially if commercial and properly founded consumer cloud apps usually connect between client and servers (in a server farm somewhere...thatis the 'Cloud'...nothing more/nothing less in general) via VPN tunneling, and so if they do then they should be on the road to being secure (of course there are myriad other layers of securit...or there should be if it is a properly founded Cloud operation).
 
Also, we need to be careful as to what we (the collective 'we') term as 'Cloud'...unfortunately it started out as being clearly defined as to what it was but more recently this has become 'corrupted' (as things do) by misuse or misassignment so that somethings labeled as 'Cloud' are not strictly so.
 
And properly founded, set up & more importantly managed, the Cloud can in fact be safer than on premise.
 
So in my book the two points in question; IoT and Cloud, are very different 'beast', and so not comparable.
 
Regards, Baldrick
Both imho carry serious potential security risks (that's why I grouped them together), and with both, given the right measures (with IoT, first of all the manufacturers must start taking security much more seriously), those risks can be mitigated (imho).
 
To my mind, keeping data offline, preferably avoiding network, and above all practising good habits and using good malware protection, should be safer. I'm prepared to be corrected by any person who can show me in simple non-technical language why that is not true.
 
Having said that, I do use Dropbox for syncing my data and Crashplan for remote data backup. But, in my personal case, I cannot see that any of the data I sync is confidential or potentially compromising. Anything that may or may not be confidential is not synced but is, as all of my data, backed up by Crashplan which I consider to be one of the more robust Cloud backup services in terms of security.
Userlevel 7
Badge +62
Thank you @ & @,
 
I believe I have learned from both of you a better understanding of the Clouds and the loT.
 
Much appreciated.:D
@ wrote:
Thank you @ & @,
 
I believe I have learned from both of you a better understanding of the Clouds and the loT.
 
Much appreciated.:D

Sherry, I feel a little uncomfortable your putting me on a level with Baldrick. Baldrick and Jasper the Rasper are or were—I use the past tense because I assume, rightly or wrongly, that Jasper the Rasper is now retired—as far as I know, in the IT sector. I am most definitely not.
 
I will admit straight away that I know less, probably a lot less, about the inner workings of remote backup and, even more so, of IoT devices than they.
 
I suppose I’m coming at things from a different angle. I suppose they are looking at the ideal world, a world which I hope most IT companies (though Yahoo recently gave us serious pause for thought!) inhabit in this real world: in other words, where professional solutions are used and best practice and proper protocols are meticulously followed. In that case, I am sure indeed that remote backup is largely safe. And yes, IoT is, for the moment for professionals, a very different world as they at the moment have far less control over IoT devices due, I understand, to sloppy security practices currently prevalent in their manufacture than they do over remote backup options where they have the ability to choose robust and reliable solutions.
 
But as I say, I am coming at things from a different angle. I am looking at this whole world from the point of view of the layman. People like me inhabit a world where all too often best practice and best protocol are not followed. Witness for example the 20 minute security breach to Dropbox back in was it 2012, and the harm that caused (I believe there were also other subsequent security compromises). Did I think that would happen? No. But it did! Witness also the photos of celebrities being hacked from iCloud and put on the internet (although I understand that was probably due to hackers hacking their iPhone passwords). Then there is the example that you cited of Amazon Cloud being breached where you stored your music. And as I mentioned (although here, we are no longer in the domain of remote data backup), even Yahoo, which is an IT company, suffered major security breaches due to sloppy and out-of-date security procedures.
 
What is more, oftentimes the weak security of remote cloud backup can be due to sloppy procedures by the user, myself included, e.g. weak passwords as with the example above concerning celebrities’ photos.
 
My point is: sometimes I have the impression that security discussions in this Community take place in a bubble, where those people that are professional IT-ers are viewing the issue being discussed from a professional context—whereas the vast majority of people who visit this Community are IT rookies like me who are coming from a completely different angle.
 
That is what I think is happening here. Yes, in a proper professional context remote backup is pretty robust. But for most of us, we have to steer this world of remote backup very carefully both in terms of our security habits and our choice of providers in order not to inadvertently discover that our data is being compromised.
 
Another example of viewing these issues from two different points of view is this: I said in an earlier post that I think it is preferable where possible to avoid a private network for the sake of data security. That is (imo) true for me and for most average Joes, because we do not thoroughly understand private networks and do not know how to properly configure a robust network that provides strong security protection. However, this point would be, and is, totally invalid for a company (or an individual) who have people with IT expertise and who follow best practice and rigorous protocols.
 
My two cents worth on a Monday morning…
Userlevel 7
Badge +54
@ wrote:
@ wrote:
Thank you @ & @,
 
I believe I have learned from both of you a better understanding of the Clouds and the loT.
 
Much appreciated.:D

 Jasper the Rasper are or were—I use the past tense because I assume, rightly or wrongly, that Jasper the Rasper is now retired—as far as I know, in the IT sector. I am most definitely not.
 
 
My two cents worth on a Monday morning…
Me retired and in the IT sector? Good one Muddy :D  I still have almost 10 years left to work and I am a gardener and the only thing technical I have to look after is a computerised biomass boiler.
Ooops! Sorry, Jasper 😳
Userlevel 7
Badge +54
@ wrote:
Ooops! Sorry, Jasper :$
Don't worry about it, I don't mind 😉
OK. Friends again??
Userlevel 7
Badge +54
@ wrote:
OK. Friends again??
Were we anything else?
Userlevel 7
Badge +7
Well, I guess I feel a little bit like a hypocrite. :$
 
As some of you know, after “many” years in the IT industry and promoting the “cloud” to many clients, I do not use it either, though there are pros and cons to any solution, 
 
I have disabled and even renamed “OneDrive” executables on my systems, cancelled and removed DropBox and anything else that remotely smells like a cloud of any flavor.
 
Just my opinion, of course.
 
But this one is just another example of personal preference.
 
Best Regards,
Dave
Userlevel 7
Badge +62
Hi Muddy,

Good Monday Morning, I am sorry if I made it sound that way. I just meant I can see both of your sides..you and Baldrick's view of IoT and the Cloud. I'm just a normal computer fan learning and and istening to everyone here. I cannot express myself as well as an English major or as well if I don't know much about the Clouds and the IoT. In fact I had to look up IoT. LOLs.

You and Baldrick out class me in terminology or explaining yourselves.

I am just a wanna be ...so called computer geek. You have your views and questions that are very interesting and I am always intrigued by them. Baldrick is the best one other then TripleHelix that really know the IT sector.

The bottom line for me is I just have a gut instinct not to trust the servers with the Clouds. There are too many breaches in the first place as I see it. So I do enjoy the debates for understanding people's point of view. So I cannot or am a expert on any of this.

@ you have and do explain your differencees and questions and I respect them along with Baldricks.To me I hear both sides. At least I try to. I'm usually very quiet and stay in the background because I may not understand what's going on or have any expertise to respond intelligently.

So I never meant to make you uncomfortable or go against anything that has been noted. Please accept my apologies if I did this. I mean nothing but respect for my fellow Webrooters. Baldrick has always been one of my comadants. And I admire both of you along with a few others for your point of view and your discussions on these topics.

I still will not use the Clouds.... 😉
Don't worry, Sherry, I wasn't at all put out by your post. I just wanted to put myself in my place.
 
And please, please don't talk yourself down. No-one needs fancy language to express themselves, and your gut instincts may prove to be more reliable than clever explanations as to why we can trust the Cloud. Notice how even @ has pronounced himself to have washed his hands of "anything...that remotely smells like a cloud of any flavor". And note how even the very clever NSA with its clever backdoors it created was possibly (was it hacked or did a disgruntled employee steal the info?) hacked.
Userlevel 7
Badge +62
Oh great to hear Muddy. ..Thank you ..I'm as smart as the rest of you. ;)

And great to hear @ point of view. 🙂
Maybe smarter...??
Userlevel 7
Badge +62
😛  ;)

Reply