Monday, 21 April 2014

here we go again

A few of us were chatting about the days when we used PCs and could spend vast hours tending to these labour-saving devices.

The rashbre home setup nowadays features some Macs, which generally behave themselves. The old memories of device drivers and dozens of reboots have mainly faded. Okay, we have a machine on Windows 8, which we haven't yet tried on the free update to Windows 8.1 and another machine which is still reliably on Windows 7.

The careful tending has moved to other places now. We are all supposed to be enjoying the use of the Cloud, although we still backup everything to locally managed servers.

They say the price of freedom is eternal vigilance, and that is increasingly a facet I notice when using the Cloud.

A recent example has been the buffer overrun exploitation referred to as Heartbleed (CVE-2014-0160). It allowed nefarious people to peer beyond the length of a computer message at whatever followed (the next 64k actually). In some cases this yielded other peoples' passwords. The weakness was around for a couple of years before it was spotted, so there may well be plenty of passwords compromised around the web.

Like many, I get sent the emails from various Cloud-type services asking me to change my passwords because of this OpenSSL TLS/DTLS bug.

Then over the easter break I received the message that someone was attempting to hack into one of my Wordpress sites. I'd already deleted a couple of old sites at the end of last year after someone had been probing them and this time they attempted to put a file onto the site.

There's a kind of graffiti tagging they some hackers use, where they mark the sites they have hacked with a small text file saying they 'own' it. I casually looked around and noticed a British law firm, a French film company, a Turkish metal company, an American bar and even a broadway lyricist who have all been hacked by one of these people.

It's all just time consuming to manage and fix. Curiously, today I also received an email from a service offering to provide me Wordpress support by the hour.


My own care and maintenance has just made my already inscrutable passwords even longer and more fiddly.

I still see plenty of demonstrations of connected devices all talking to one another seamlessly. However, the annoyance of increasingly contorted security measures can still be a rainy lining to the Cloud.
I know, wandering lonely as a cloud requires slightly unseasonal daffodils, but they are from rashbre central.

No comments: