Just got propositioned by a logos forum user...


Posts 2964
tom | Forum Activity | Replied: Thu, Dec 2 2010 5:13 PM

Richard DeRuiter:

fgh:
I was a bit disappointed when Phil Gons wrote that "There was no breach of security. Your credit card info is safe.". To me this was a breach of security

They were not 'breached'; that is, their security system wasn't hacked. No one came into Logos and took stuff that was behind a defensive wall. What happened was that Logos was inadvertently exporting email addresses in a way that some spammers could capitalize on. That would be a security leak (not breach), and while the results can be the same, the level of vulnerability for us is quite different. It's also easier to fix.

If we want to get technical, a security breach is an external act that bypasses or contravenes security policies, practices, or procedures.  

A breach of security is a disclosure of classified information, access to protected assets without proper authorization, or their theft or misappropriation.

To be technical, this was a breach of security because classified material (our email addresses) was not accessed by using proper authorization.

This being said, it doesn't matter if it was a security breach, a breach of security, or a security leak, our information (email addresses) is now in the hands of people that should not have it.

Posts 128
Derek | Forum Activity | Replied: Thu, Dec 2 2010 6:10 PM

tom collinge:

To be technical, this was a breach of security because classified material (our email addresses) was not accessed by using proper authorization.

I agree, it is basically a poor choice of words on behalf of Logos or whoever is making the announcement...

When a government employee hands classified material to someone who should not have access, security is breached.

They weren't "hacked" per se. The addresses were probably scavenged by a bot designed to troll through these types of forums and collect the email addresses of users off of systems that were not set up according to good security standards...

 

Posts 7
LogosEmployee
Jim Straatman | Forum Activity | Replied: Thu, Dec 2 2010 7:03 PM

Thanks to all the forum users for reporting this problem and helping our web developers identify and patch this flaw. Logos considers customer data our most important responsibility and invests considerable time, development, and other resources to ensure your information is protected.

Logos websites are typically developed in-house and are carefully architected to protect all customer information. The forum software is a third-party application customized to work with our single sign-on mechanism. Before deploying the forums, Logos customized the source code to avoid exposing any customer information; however we missed email addresses on RSS feeds. The forum software was patched today at 9:50 a.m. (PST), and forum user email addresses are no longer exposed. Just to be safe, we’re double checking the rest of the forum code to ensure the fix is final.

I’ll avoid the distinction between breach, leak, and hack, but can confirm that no internal systems were compromised. Logos is committed to secure development practices and we’ll continue to take every effort in keeping your information safe.
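An added example, not part of the original thread and not Logos's or the forum vendor's code: a check that a team customizing third-party forum software could run over its feed output before deployment, to catch email addresses of the kind the post above says were missed on the RSS feeds. The sample feed, its element names and addresses are constructed, and `find_email_leaks` and `scrub_feed` are hypothetical helper names.

```python
import re
import xml.etree.ElementTree as ET

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

# Constructed sample feed (not the forum's real output); all names are made up.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>Example forum: recent posts</title>
    <item>
      <title>Re: sync question</title>
      <author>alice@example.com (Alice)</author>
      <description>Contact me at bob@example.org for details.</description>
    </item>
    <item>
      <title>Re: layouts</title>
      <dc:creator>Carol</dc:creator>
      <description>No address here.</description>
    </item>
  </channel>
</rss>"""

def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]

def find_email_leaks(feed_xml):
    """Return (element name, address) for each email-like string in the feed.

    Meant for auditing feed output your own application generates; element
    text and attribute values are both checked.
    """
    leaks = []
    for elem in ET.fromstring(feed_xml).iter():
        for value in [elem.text or ""] + list(elem.attrib.values()):
            leaks += [(_local(elem.tag), m) for m in EMAIL_RE.findall(value)]
    return leaks

def scrub_feed(feed_xml, placeholder="[address removed]"):
    """Return the feed with every email-like string replaced by a placeholder."""
    root = ET.fromstring(feed_xml)
    for elem in root.iter():
        if elem.text:
            elem.text = EMAIL_RE.sub(placeholder, elem.text)
        for key, value in list(elem.attrib.items()):
            elem.attrib[key] = EMAIL_RE.sub(placeholder, value)
    return ET.tostring(root, encoding="unicode")
```

Run as a deployment test against every feed endpoint the forum exposes, failing the build when `find_email_leaks` returns anything; scrubbing at output time is a stopgap, and the durable fix is not putting the address into the feed template at all.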

Posts 128
Derek | Forum Activity | Replied: Thu, Dec 2 2010 7:33 PM

Jim Straatman:
Thanks to all the forum users for reporting this problem and helping our web developers identify and patch this flaw. Logos considers customer data our most important responsibility and invests considerable time, development, and other resources to ensure your information is protected.

Logos websites are typically developed in-house and are carefully architected to protect all customer information. The forum software is a third-party application customized to work with our single sign-on mechanism. Before deploying the forums, Logos customized the source code to avoid exposing any customer information; however we missed email addresses on RSS feeds. The forum software was patched today at 9:50 a.m. (PST), and forum user email addresses are no longer exposed. Just to be safe, we’re double checking the rest of the forum code to ensure the fix is final.

Thank you for taking care of this so quickly.

Jim Straatman:
I’ll avoid the distinction between breach, leak, and hack, but can confirm that no internal systems were compromised. Logos is committed to secure development practices and we’ll continue to take every effort in keeping your information safe.

;) 

Posts 1513
Josh | Forum Activity | Replied: Thu, Dec 2 2010 10:03 PM

I'm still waiting on my e-mail...I can't wait to send my pics. Stick out tongue

Posts 128
Derek | Forum Activity | Replied: Thu, Dec 2 2010 10:29 PM

Joshua Garcia:

I'm still waiting on my e-mail...I can't wait to send my pics. Stick out tongue

You want me to send you her address?  Surprise

Posts 2964
tom | Forum Activity | Replied: Fri, Dec 3 2010 4:45 AM

Jim Straatman:
Logos is committed to secure development practices and we’ll continue to take every effort in keeping your information safe.

Thanks Jim, we know things like this happen. While everyone is glad that information like our credit card numbers was not stolen, all of us also know that you cannot give us a 100% guarantee that this information will not be stolen.

For me, things like prayer list, notes,... are just as important as our credit card numbers.  The best security for us is not to send you this information.  Thus, this is why I say that we also need a setting that allows us not to upload our data to Logos' servers.

Posts 8893
fgh | Forum Activity | Replied: Fri, Dec 3 2010 5:25 AM

Todd Phillips:

fgh:
 I'm not sure you're helping Logos, though. What you're saying is essentially that no one broke into the safe; Logos just left things out in the open for anyone to take. Yeah, that makes me feel safer... 

Certainly it does me. It means that the exposure is limited. 

I wasn't talking about just this instance. I was talking generally. I'm as glad as everyone else that 'the safe wasn't broken into' -- but if someone borrowed your iPod and left it out in the rain, would you trust him with your laptop?

tom collinge:
it doesn't matter if it was a security breach, a breach of security, or a security leak, our information (email addresses) is now in the hands of people that should not have it.

Thank you, Tom!

tom collinge:
For me, things like prayer list, notes,... are just as important as our credit card numbers.  The best security for us is not to send you this information.  Thus, this is why I say that we also need a setting that allows us not to upload our data to Logos' servers.

I've already given you 10 Yes on this. Am I allowed more? Wink

 

"The Christian way of life isn't so much an assignment to be performed, as a gift to be received."  Wilfrid Stinissen

Mac Pro OS 10.9.

Posts 128
Derek | Forum Activity | Replied: Fri, Dec 3 2010 7:02 AM

Wait... you are saying my notes and all are sync'd to the cloud when I use Logos 4???  Um, is it encrypted as it is sent??? Do they know the security breach they are creating for some people living in certain places???????

Posts 1674
Paul Golder | Forum Activity | Replied: Fri, Dec 3 2010 7:22 AM

ChinaRunner:

Wait... you are saying my notes and all are sync'd to the cloud when I use Logos 4???  Um, is it encrypted as it is sent??? Do they know the security breach they are creating for some people living in certain places???????

Security and Privacy Concern about Logos4 Phonning Home

"As any translator will attest, a literal translation is no translation at all."

Posts 2964
tom | Forum Activity | Replied: Fri, Dec 3 2010 7:27 AM

ChinaRunner:

Wait... you are saying my notes and all are sync'd to the cloud when I use Logos 4???  Um, is it encrypted as it is sent??? Do they know the security breach they are creating for some people living in certain places???????

Yes, your notes, prayers, layouts, ... are all synced to L4 servers. Is it encrypted? I do not know for sure, but I believe they do encrypt the data. There is a setting (use internet) that can be set. If you set this setting to no, you can no longer download any books.

Posts 5615
Todd Phillips | Forum Activity | Replied: Fri, Dec 3 2010 7:29 AM

Paul Golder:

ChinaRunner:

Wait... you are saying my notes and all are sync'd to the cloud when I use Logos 4???  Um, is it encrypted as it is sent??? Do they know the security breach they are creating for some people living in certain places???????

Security and Privacy Concern about Logos4 Phonning Home

That's a long thread that makes for an evening of reading.

Short answer:  SSL is used for syncing the data (encrypted in transmission).  The data is not encrypted when stored in the Logos server.

Bob Pritchett's response to it all is buried on the seventh page here:

http://community.logos.com/forums/p/15836/122727.aspx#122727

 

Wiki Links: Enabling Logging / Detailed Search Help - MacBook Pro (2014), ThinkPad E570

Posts 1674
Paul Golder | Forum Activity | Replied: Fri, Dec 3 2010 7:39 AM

Todd Phillips:
Short answer:  SSL is used for syncing the data (encrypted in transmission).  But the data is not encrypted in their server.

Encryption can be good and bad in this age.

I hear that in areas where every police station has an office to monitor local internet traffic, that some of the first transmissions that are flagged for review are the encrypted ones.

"As any translator will attest, a literal translation is no translation at all."

Posts 8893
fgh | Forum Activity | Replied: Fri, Dec 3 2010 8:52 AM

Paul Golder:
I hear that in areas where every police station has an office to monitor local internet traffic, that some of the first transmissions that are flagged for review are the encrypted ones.

The best place to hide a needle is in a needle factory. The solution to the above isn't to encrypt less; it's to encrypt everything, however minor and however innocent. 

"The Christian way of life isn't so much an assignment to be performed, as a gift to be received."  Wilfrid Stinissen

Mac Pro OS 10.9.

Posts 128
Derek | Forum Activity | Replied: Fri, Dec 3 2010 3:49 PM

???

SSL is becoming completely common these days. Most email services are switching to SSL for transmission of emails between the client (Outlook) and the server (your email provider). Soon all large email providers will transmit the email between them using SSL. This is an amazing jump forward....

ALL businesses use SSL or better encryption for their VPNs which most employees use from home.  Many websites dish up your data via ssl.  Google Docs will soon be completely ssl for its transmission of data.  SSL is becoming standard... 

No flags here, nothing setting off any alarms...No one will care if you encrypt everything... Anyone doing anything with technology on the net has been doing it for years....

Now, the big question is whether the governments actually have keys to read SSL traffic or not... There is evidence on both sides of that argument.  But the commonplace of SSL today says that no one cares if you are encrypting your internet traffic.

And certainly, when they see that it is between you and "LOGOS" --- not exactly a "high risk" transmission...

Posts 128
Derek | Forum Activity | Replied: Fri, Dec 3 2010 3:55 PM

SSL only states whether my data is encrypted on the way to their servers.  Is my data encrypted ON their servers?  Can anyone - ANYONE but me read this data?  Some of my prayer list data is highly sensitive.

I can only imagine someone like Chuck Colson - prayer lists of sensitive government representatives, sync'd to Logos, and some young nerd at Logos reading through someone's personal junk...

Don't tell me that because they are Christians there won't be someone doing this. Google is a great example - remember that kid that was reading young girls' emails about 6 months ago???

I sincerely hope that it is encrypted on their servers and so that no one can read it but me....

I do not like cloud storage...

Posts 5573
Forum MVP
Rich DeRuiter | Forum Activity | Replied: Fri, Dec 3 2010 4:22 PM

ChinaRunner:
SSL only states whether my data is encrypted on the way to their servers.  Is my data encrypted ON their servers?  Can anyone - ANYONE but me read this data?  Some of my prayer list data is highly sensitive.

I doubt anyone can read it, and I doubt even more that they'd want to. But if you put anything into Logos that you don't want others to read, take into consideration that the most likely people to read and be (potentially) offended are those who also have access to your computer. I don't recommend putting confidential information in anything but encrypted files. Period.

I would never put the onus for maintaining confidentiality in anyone's hands but my own. So I don't put any sensitive data or information in Logos. Ever. When I need to have a record of something I think is even potentially confidential, I use password protected files, and/or password protect a zip file in which I put such data. Even that isn't Defense Department standard, but it will thwart the discovery of information from anyone who is likely to have access to my computer. I recommend others do the same (or better).

Further, Logos syncing is not designed to protect confidentiality and they say so.

This is from the Logos4 EULA:

DO NOT STORE HIGHLY CONFIDENTIAL INFORMATION IN THE SOFTWARE. The Software is designed for consumer reference and study purposes, and while we will take all precautions to protect your data, we cannot ensure the level of security you would expect from online banking or other highly secure services.

You are responsible to keep the password associated with your Logos.com login private. It is the primary means of security for data synchronized through the Software.

 Help links: WIKI;  Logos 6 FAQ. (Phil. 2:14, NIV)

Posts 128
Derek | Forum Activity | Replied: Sat, Dec 4 2010 12:43 AM

Richard DeRuiter:

I doubt anyone can read it

Would really like to hear from logos about that.  My notes are personal & I'm writing a book... Don't exactly want a publishing company to have my notes and my research...

Posts 3702
Floyd Johnson | Forum Activity | Replied: Sat, Dec 4 2010 12:51 AM

Derek:

Richard DeRuiter:

I doubt anyone can read it

Would really like to hear from logos about that.  My notes are personal & I'm writing a book... Don't exactly want a publishing company to have my notes and my research...

Read the last two paragraphs of Richard's reply - the EULA is Logos' position. I think what they are saying is that they are taking reasonable care, but can make no guarantees. I think that I read somewhere that they are buying space on a public server (Google?) somewhere, thus your information is as safe as anything else on Google. I would not trust my non-public data or notes to LOGOS notes. Others do - you will need to make your own decision based on what LOGOS does tell you.

 

Blessings,
Floyd

Pastor-Patrick.blogspot.com

Posts 29347
Forum MVP
MJ. Smith | Forum Activity | Replied: Sat, Dec 4 2010 12:51 AM

Dan DeVilder:
Actually, don't think I got it, unless it went to already emptied junk folder.

I was discriminated against - I didn't get it. Crying Does that mean I can't get my cut of 43 million (or whatever the current scam number is)?

Orthodox Bishop Hilarion Alfeyev: "To be a theologian means to have experience of a personal encounter with God through prayer and worship."
