Meeting Notes - 19 August 2014

Go down

Meeting Notes - 19 August 2014

Post by bdahm on Fri Aug 29, 2014 11:34 pm

“Eat so we can meet” -  Since the Airport Greenery has been providing us free use of the restaurant on Tuesday afternoons for close to three years now, it would be fitting if we patronized the place by buying food and/or drink while we are there. Eric suggested that for those who do not wish to partake of anything that they make a small donation either to the wait staff or in the tip box at the check-in desk in the lobby. 

Zero Knowledge Provider
A couple of weeks ago I provided a list of back-up/cloud storage services in a database on Wikipedia that could be used to evaluate which one might meet your needs. If security is a primary concern because your data may be sensitive, that parameter is worth giving top consideration. Most sites will tell you that they encrypt the information on their serves, but that is not the most crucial factor. The most crucial factor is, who holds the encryption keys. If they are held by the provider, then they are subject to staff access or government court orders. The only way to protect against this is if the data is encrypted on your device and the encryption keys stay with you on the device. One of the products that does this is SpiderOak. They cannot be compelled to give up the keys because they don’t have them. Steve Gibson, our security go to guy, gives this company a thumbs up. Here is a simple video describing the process followed by a more detailed explanation.

There has been many revelations as to the extent of NSA spying on people both inside the USA and abroad. They have massive computing power, which is used to access user data by breaking passwords. These so-called brute force attacks can be used to break weak passwords, but without the encryption keys to encrypted data, not even brute force attacks are effective.

Google Give Secure Sites Higher Ranking in Search Results
Google is about to start adding weight to the rankings of secure sites, those that are HTTPS (the one that shows a lock in your browser) as part of the URL. This is meant to encourage sites to adopt this protocol. Though this is laudable, one has to ask if we want Google’s thumb on the scale in this regard. Do we want this to effect the ranking order of sites? Though it is not difficult to enable this capability and doesn’t take a lot of horsepower to implement it, there are, nevertheless, costs involved, the cost of a certificate. For large sites these costs are not much,  ranging from several hundred to several thousands of dollars, but these cost are not trivial to small, independent web sites.

That should give you something to chew on as I call this a wrap. See you next time.



Posts : 507
Join date : 2009-05-15
Age : 75

View user profile

Back to top Go down

Back to top

- Similar topics

Permissions in this forum:
You cannot reply to topics in this forum