How safe is shroud.com?
Barrie Schwortz’ shroud.com is an irreplaceable treasure. Could it disappear tomorrow because of hackers? It deals with a highly controversial topic that is unavoidably an affront to atheists and many religious people. As such it is a natural target for idealists or extremists of all kinds and particularly a group of hackers who call themselves “Anonymous.” They could probably take down the website in a few minutes. Would they also destroy backup copies of the website’s contents?
Is a full backup copy of the website stored somewhere such that it is inaccessible to the hosting company and the people, like Barrie, who update the site? THIS IS NOT A MATTER OF TRUST. It is about protection against spoofers and hackers of all kinds. Think in terms of identity theft. Could someone posing as a technician for the hosting company or posing as Barrie Schwortz erase the entire site and all backup copies? For protection against this sort of thing, password protected archives will not suffice. Third party backup companies doing multicyclic pull backups is essential. Push backups are vulnerable. If Barrie or a technician can erase or overwrite backup, then it will likely happen in the event of a takedown attack.
How much damage could someone posing as Barrie do? I imagine it would be 100%. Only files stored on third party systems or on dismounted DVD media would be safe. And how much damage could someone posing as a technician of the hosting company do in just a few minutes? Just as much.
After discovering what may have been an attempt to infiltrate my blog, I am implementing two-step authentication. For this I need a userid and password to gain access to the host and my cellphone, in hand, to confirm it is me who is signing on. As for backup, I’m trusting WordPress on a daily basis and I now plan to do monthly backups to DVD.