Google Server Secrets | TechSNAP 17

Google Server Secrets | TechSNAP 17

Find out what consumer storage device is shipping with an encryption backdoor, and we share details about Google’s super secret million servers strong infrastructure.

AND – How Chris lost $1k in bitcoins!

Direct Download Links:

HD Video | Large Video | Mobile Video | WebM Video | MP3 Audio | OGG Audio | YouTube

Subscribe via RSS and iTunes:


Show Notes:

Verbatim’s Crypto NAS has unexplained second key

  • Like we have talked about before, the only ‘secure’ way to ensure that encrypted data is recoverable if the encryption key is lost, is to encrypt it to a second key, a ‘recovery agent’
  • The important fact here, is that Verbatim does this without your consent, and there is no way to turn it off
  • This means that if you lose your key, you can call Verbatim and they will decrypt your files for you. Nice feature…
  • A rouge employee at Verbatim could also decrypt your data
  • An attacker could steal or guess the Verbatim key, giving them access to EVERY verbatim crypto NAS device
  • The government could have Verbatim decrypt your data against your will, or without your knowledge

Study estimates Google has around 900,000 servers

  • Based on Google’s energy use, compared to all other data centers in the work, and factoring in that google uses custom build highly efficient servers, it is estimated they have as many as 1 million servers
  • Google’s newly designed management system is build to be able to manage up to 10 million machines

Chris loves this book: In The Plex: How Google Thinks, Works, and Shapes Our Lives

The Massachusetts lottery can be gamed for a guaranteed payout

  • The way the rules are structured, if the lottery jackpot builds up to over $2 million, then they commence what are know as ‘rolldown weeks’, These weeks increase the payouts of minor jackpots, meaning if you buy enough tickets to increase your odds of winning, you can be assured a profit
  • It is estimated that if you buy 200,000 of the $2 tickets, during 4 roll down weeks a year, your payout would be between 1.8 and 4 million dollars, without ever winning the actual jackpot (which has only ever been won once)
  • The state lottery commission has known about this flaw for years, but has only recently started to enforce new rules after the stories started to get press

Pakistan passes new Internet monitoring law, bans encryption and VPNs

  • How will this effect Pakistani users of services like gmail, that require SSL encryption for authentication
  • Will this cause the creation of more tools designed to mask encryption, for example with steganography or masking data transfer as DNS requests
  • A copy of the proposed law

What are the requirements for true Freedom in the Cloud

  • Right to restrict Access – The user must be able to prevent the provider from reading their data
  • Freedom to leave, but not lose – Users must be able to export all of their data and move it to a different service
  • Open Standards – In order to be able to interact with your data, as well as import and export data, there must be open standards for interacting and transferring data
  • Transparent Privacy Policies – Most users will never read a 20 page privacy policy, there must be a legible and easily understood list of what the provider is and is not allowed to do with your data
  • No change of policy without explicit consent – If the provider can just change the policy, and it is up to you to notice this change, you can never be safe from the whim of the provider
  • We have seen many of these problems with services such as DropBox, which does not comply with most of these requirements. You cannot stop dropbox from accessing your data, they encrypt it only with their own key. There are no open standards for dropbox, when an open source project started an alternate client, it was promptly sent a DMCA notice. And dropbox has on numerous occasions changed it’s privacy policy and terms of service, without informing their users, requesting the users consent, or explicitly stating what was changing in the policy.

TOSBack | The Terms-Of-Service Tracker


Bitcoin Blaster:

Question? Comments? Contact us here!