Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

The risk of using cloud services amplified in the Quickbooks hack

  • 20-07-2019 7:51pm
    #1
    Registered Users, Registered Users 2 Posts: 1,667 ✭✭✭


    Quickbooks cloud services were hit with a ransom attack. As a result probably hundreds of thousands of businesses are without access to invoicing, inventory management etc for the past three days. It raises questions in one’s mind about the quality of their backup systems. Admittedly it is a nightmare problem with thousands of new transactions hitting the system every minute, followed by a random attack, and the need to decide on where to draw the line in terms of ‘clean’ backups and rolling back to a known good point in the storage. And communicating that to a large volume of clients who think they are paying for a resilient system.

    The company’s response seems to have been simply to cut prices for new subscribers – eg from USD 29 per month to USD 8.70. Which is little consolation to clients whose businesses have become reliant on this ‘service’.

    Software companies are forcing clients to move to the cloud, with monthly or annual payments – instead of selling a software package which can be installed and expected to remain static and reliable – aside from the odd patch for security etc.

    https://krebsonsecurity.com/2019/07/quickbooks-cloud-hosting-firm-insynq-hit-in-ransomware-attack/#more-48277

    Quickbooks is not alone. Office 365 has been forced on users who previously licensed office as a software application and ran it on their own systems. The cloud based interface changes incrementally every few weeks and there are periods of downtime. As I write this, Office 365 seems to be experiencing a lot of trouble reports in the US:
    https://downdetector.ie/status/office-365/map/

    The user has lost control over updates and when they should take place, in many environments.

    It is high time that software / system providers had the same legal responsibilities as the sellers of tangible assets. With no option to contract out of these liabilities.


Comments

  • Moderators, Education Moderators Posts: 2,610 Mod ✭✭✭✭horgan_p


    So here's the thing with cloud computing :

    1) It isn't designed to be cheaper than on prem. If it is - hooray, but that doesn't happen often
    2) It doesn't absolve you from responsibility - you need backups just as much (if not more than) as your on prem solution.
    3) It doesn't get you around GDPR either. It can help tremendously in admin and prepping for to be GDPR compliant, but it isn't a silver bullet.

    I've often had conversations with smart people about backing up Office 365, and I nearly always get the 100 yard stare.

    If your data is on prem then you know who is the sysadmin. With cloud you don't .

    If you want a laugh - go look at what Sage are peddling as their "cloud solution". They are open to having similar issues.


  • Registered Users, Registered Users 2 Posts: 1,667 ✭✭✭Impetus


    horgan_p wrote: »
    So here's the thing with cloud computing :

    1) It isn't designed to be cheaper than on prem. If it is - hooray, but that doesn't happen often
    2) It doesn't absolve you from responsibility - you need backups just as much (if not more than) as your on prem solution.
    3) It doesn't get you around GDPR either. It can help tremendously in admin and prepping for to be GDPR compliant, but it isn't a silver bullet.

    I've often had conversations with smart people about backing up Office 365, and I nearly always get the 100 yard stare.

    If your data is on prem then you know who is the sysadmin. With cloud you don't .

    If you want a laugh - go look at what Sage are peddling as their "cloud solution". They are open to having similar issues.

    I totally agree. If you use AWS S3 for example and you keep files in Ireland, you need another backup perhaps in Germany or NL - ideally on another provider (eg Wasabi.com) who provide immutable storage in Amsterdam etc. Immutable can't be erased or encrypted once written. As well as several generations of backup within easy reach, in locations other than a server location.

    I backup my office 365 stuff to a number of Samsung SSDs using USB-C connectors - which I find very fast. SSD might not be the best thing for backup - but it is very fast via USB-C. And I find Office 365 so flaky I don't use it to store anything of material value. Just semi-junk that I might need to view on my mobile phone etc.

    At least with Amazon one can see where one's files are being stored and select a location. Office 365 is far more vague. And neither Amazon nor Microsoft are based in a neutral country.

    It is a bit like the 'British' ship that was arrested by Iran the other day. It is owned by a Swedish company Stena Bulk AB. Sweden is a neutral country. The ship itself is owned via a Cyprus based company - which is not a neutral country. And it flew a GB flag. How dumb can a company get? It reminds me of Bayer AG buying Monsanto a year or so ago. Bayer is now plagued with legal claims coming home to roost from Monsanto's weedkillers, which date from long before the take-over.

    With Brexit, most of Ireland's telecommunications capacity goes via 'Five Eyes' countries where it is undoubtedly monitored. The telecommunications industry is extremely dozy in terms of establishing large quantities of direct bandwidth between Ireland and mainland Europe, over routes that do not enter GB water.

    Peoples' mobile phones are sending position and other telemetry information either via VOLTE and / or CCITT 7 signalling which is being sent by several 'Irish' mobile phone networks to countries engaged in state terrorism in various parts of the world.


  • Registered Users, Registered Users 2 Posts: 10,339 ✭✭✭✭LoLth


    nvm. no point.


Advertisement