You are viewing a single comment's thread from:

RE: Steembit: a decentralized storage marketplace for Steemland

in #steem6 years ago

"Even if someone wants to store "a virus", you don't care because "the virus" will be delivered within a "tight box" of encryption."

I strongly encourage you to consider that no encryption exists for various state level actors. While that may not be an issue for ordinary folks availing a cloud storage mechanism for pay, for some folks it will be.

The Intel Management Engine simply exists at a layer below the OS, and therefore has access to any data prior to encryption having effect.

Just a note regarding encryption and security, not a denigration of the idea itself.

Sort:  

In this context the question was : "if I offer storage space, do I run a risk that whatever an unknown customer of the service stores might harm my computer?"

The answer is yes. However, we run that risk anyway. It's not an increased risk, simply another vector that can be used to do harm. Cars can be hacked by simply shining LEDs on the vehicle's lights. Computers used to scan DNA can be hacked by presenting DNA that will cause the computer to suffer a malware injection.

Actors able to access IME level of processors can do similar things with the encrypted data. They can do similar things in countless ways, however, and don't need you to use the storage capacity of your system to create the necessary vector for their attack.

I just want to clarify that security of computer systems actually doesn't exist given hackers of nominal skill and requisite motivation. From me your system is safe regardless of any measures you fail to adopt. From some people, no system anywhere is safe regardless of what can be done to secure it. Security applies in between those extremes, and knowing this can be useful in considering what to implement, and what costs to undertake.

For most folks, good encryption will suffice.