Michele Norris speaks with Brian Cooley, editor-at-large with online tech magazine CNET, about Apple's new iCloud feature ? and if it poses significant security risks with users' personal data.
Copyright ? 2011 National Public Radio?. For personal, noncommercial use only. See Terms of Use. For other uses, prior permission required.
MICHELE NORRIS, host:
Those intent on hacking into big systems will soon have a big new target. This week, Apple announced its iCloud service that stores massive amounts of content, much like a giant storage system in the sky. iCloud users will be able to wirelessly access their music, photos, email, calendar and all kinds of other content on several devices. It's meant to eliminate the need to sync phones, computers, laptops and tablets. It's all about convenience. But is it safe?
The iCloud announcement was met with both applause and skepticism due to security concerns. And to wade through some of those questions we're joined by Brian Cooley. He's an editor at large with the online tech magazine CNET. Welcome back to the program.
Mr. BRIAN COOLEY (Editor-at-Large, CNET.com): Thanks, Michele.
NORRIS: First, a quick explanation of the iCloud system, how it works and why there are such strong security concerns?
Mr. COOLEY: Well, first off, the Cloud term is this idea that we use the Internet as part of or an extension of our computers. So our data can live on the Internet just like it used to on our hard drive. You access it over the Internet, as opposed to going to a folder on your desktop.
So as I'm describing this, you can kind of see how your machine or your portable, your iPhone, whatever it is, suddenly is sort of leaking out or spreading out across the Internet like this sheen of technology. But it's your stuff, so you now have a broader footprint out there that, potentially, hackers could go after.
NORRIS: I'm wondering about how people might try to access the data. Is the vulnerability based on how the content is stored or how it is delivered? Do people try to access the data while it is in transit, when people try to download their photos or their email?
Mr. COOLEY: Yeah, two major layers you're pointing out here. One is the Cloud's servers that Apple runs. They built this huge data center in North Carolina, an enormous building full of computers. And to form an attack that goes after those computers, finds my information and pulls a copy of it to do whatever that hacker wants to do to me, that's one point of attack.
The other one is one that from Apple doesn't entirely control. And that is the connection between me and Apple. So I am sitting here and I'm at my computer and I'm synching my device, or it's going over the air to my wireless carrier. They are one link, then they link to other Internet carriers, so-called backbone carriers - that you and I never even see - and they link to other backbone carriers, and they link to Apple.
Every one of those is another potential point of attack. I can't control them. I don't have any knowledge even which ones are being used, neither does Apple. In the middle there is this unmanaged thing which is the Internet and that's how it's designed, but thats also its Achilles' heel sometimes on security.
NORRIS: So what kind of security steps does Apple take to make sure that that content is protected?
Mr. COOLEY: I would assume - and most importantly, we don't really know because that's the first step in good security is not to tell the world what you're doing. But we can assume that Apple being one of the most sophisticated technology companies in the world has thrown massive resources at this, not just because it's the right thing to do but because it's important for their position in the market and their fiscal health to not have this be hacked.
No one has more resources than Apple. Yet, just look at the Sony story over the last couple of weeks. There's a big company with all the technology resources money can buy, and supposedly enough sense to use them, but has had massive intrusions. And they're far from the first.
NORRIS: Are there certain things that consumers can do if they plan on using the Cloud system to protect their data?
Mr. COOLEY: First thing is think about the security you're using, your password. A lot of people are very sloppy about their passwords. And the first step in good Cloud security is to have a hard to figure out password that you change regularly, every six months at least.
Now, what we're seeing since iCloud announced is a renewed call in the security community for another step. And that's called Two-Part Authentication. Right now when you login with a password, that's one part - you're just using one key, if you will, to open that lock.
Two part means you need two keys for every lock, a password and something else that's even harder to fake - like a fingerprint scan, an iris scan, or what they call a token dongle. This is part of the story...
NORRIS: A token dongle?
Mr. COOLEY: Yeah, it's a thing that is used by government and enterprise security, high-end corporate stuff. There was a big story about this in the last two days. A company called RSA issues these, 40 million of them they've issued to various corporate computer users in government and defense.
And they look at this little device with a login and they have the number, and it's changing all the time. They enter that and their password to get logged in. But it was in the news last week because even that has been breached.
So it's a cat and mouse game here. The part that you can do, though, is to really maintain good password practices.
NORRIS: Brian Cooley, always good to talk to you. Thanks so much.
Mr. COOLEY: Thanks, Michele.
NORRIS: Brian Cooley is the editor-at-large with the online tech magazine CNET. He was talking to us about Apple's iCloud service and security.
Copyright ? 2011 National Public Radio?. All rights reserved. No quotes from the materials contained herein may be used in any media without attribution to National Public Radio. This transcript is provided for personal, noncommercial use only, pursuant to our Terms of Use. Any other use requires NPR's prior permission. Visit our permissions page for further information.
NPR transcripts are created on a rush deadline by a contractor for NPR, and accuracy and availability may vary. This text may not be in its final form and may be updated or revised in the future. Please be aware that the authoritative record of NPR's programming is the audio.
Source: http://www.npr.org/2011/06/09/137089307/does-icloud-pose-security-risks-to-users?ft=1&f=1019
ryder cup arnold schwarzenegger the tree of life isc littlebigplanet kia soul infamous
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.