[ale] So, is the (tech) world ending?

Wed Sep 18 12:08:35 EDT 2013

Following up on Allen's observation about local laws. Even countries
with very similar laws such as the US and Canada will have some
surprising differences. I remember a case in St. Catherine's, Ontario
where the Canadian media could not use the name of the accused because
of Canadian press laws while the US media in Buffalo could freely
publish the information. Canada does not have something exactly
equivalent to the US Free Press idea.

The problem with offshore hosting is one does not have a good feel for
the other country's law and its probable differences from the local
laws. Even in the US sometimes differences in state law can cause
surprises and problems.

-----Original Message-----
From: "Beddingfield, Allen" <allen at ua.edu>
Reply-to: Atlanta Linux Enthusiasts <ale at ale.org>
To: Atlanta Linux Enthusiasts <ale at ale.org>
Subject: Re: [ale] So, is the (tech) world ending?
Date: Wed, 18 Sep 2013 15:47:11 +0000

I think it largely depends on who you are worried about as being the "bad guy" at any particular time.  For example, we know the U.S. government, as well as a few others, can walk in and take data as if we left the front door open for them.  For the average e-commerce transaction, I think we can exclude them as a concern.  If they want the credit card data, purchase history, personally identifiably info, etc...they have any number of easier ways to obtain the same information.  That leaves the discussion of how broken is SSL for keeping out the average hacker wannabe or eastern European criminal organization?
The biggest concern for me in using "cloud" services is where the portion of the cloud housing my data is residing.  I know that many cloud providers are hosting services in Germany, Holland, Sweden, and Russia.  What you have to keep in mind in that case is that your virtual machines and data are subject to the laws of the country housing the datacenter.  If you are doing something that the host country takes offense to, you could end up at minimum getting your data seized, and possibly running afoul of some law or laws that you were not even aware of.  From what I understand, Germany in particular has some rather "different" laws around business practices, and they do have a history of seizing servers and data.

--
Allen Beddingfield
Systems Engineer
The University of Alabama
________________________________
From: ale-bounces at ale.org [ale-bounces at ale.org] on behalf of Michael B. Trausch [mbt at naunetcorp.com]
Sent: Wednesday, September 18, 2013 10:25 AM
To: Atlanta Linux Enthusiasts
Subject: [ale] So, is the (tech) world ending?

SSL is largely broken.
NSA can't be trusted.  US Government even says so (see NIST).

The only PKI that is safe is unrooted PKI, but we already knew that.

What does the whole of the last month mean for e-commerce and secure business for all those people using cloud-centric services?  It'd seem to me that the best thing to do is keep everything in-house and trust no root certificates, going back to the old method of certificate management.

    — Mike

--
[Naunet Corporation Logo]       Michael B. Trausch

President, Naunet Corporation
☎ (678) 287-0693 x130 or (855) NAUNET-1 x130
FAX: (678) 783-7843

_______________________________________________
Ale mailing list
Ale at ale.org
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo

-- 
Jay Lozier
jslozier at gmail.com