by Karl Denninger
Market-Ticker.org
Public cloud computing, that is, computers at a remote location you do not own but lease space on, which have a hypervisor and clients running under it where you do not have complete, 100% control of said hypervisor are not secure.
If you have allegedly “encrypted” data there that is accessed, modified and used on said machine then the key to decrypt said data must also be on the machine and unprotected so it can be used. If that is the case it can be trivially stolen since the hypervisor has complete access to all of the memory and disk resources of the client process and once stolen any pretense of security vanishes like a fart in the wind.
This is the lesson of the Wikileaks “Podesta” and related hacks. It is not that Russia was involved (or not), it is not whether the “hack” was criminal, it is nothing of the sort. It is that many of these people had their data (email in this case) on a public cloud environment and said environment was trivially broken into and the data stolen within minutes of being targeted.