More and more are migrating to cloud these days, I expect more and more epidemic leakage will come.
I host everything myself except for email, which is always a headache but contains more private info than all others I manage combined. Maybe it is time to run a small email server again but it is easier said than done, gosh please give me something like a working PGP or whatever for safe emails (PGP is dying from what I read)...
"Based on further analysis of this data by the forensic experts, we believe an unauthorized third party, in August 2013, stole data associated with a broader set of user accounts, including yours."
"The stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers."
I've been a paid premium member of Yahoo's service for many years, and I would like to join somebody else to sue the hell out of Yahoo.
Suing companies for this sort of thing isn't as easy as you'd think. One of the issues is damages, as in, you need to prove you incurred some sort of tangible harm or damage. This is usually calculated in financial damage. Currently there is a big split in the legal community about whether having your password or other info stolen, without anything else happening (such as leveraging that information to get inside bank accounts and stealing money) is enough harm to satisfy the damages requirement because there was no financial damage done. Not saying I agree, but it's an issue.
If you can prove financial or other harm resulted from this, then yes, you might have a case.
Another avenue you could take is breach of contract or some similar claim. As in, you paid them and formed a contract according to their ToS, and their ToS (I assume) states they use at least reasonable security. Yet they didn't, which would be a breach of contract.
The complexity isn't that much of a problem. Windows Server + SmarterMail has a nice UI all the way. The problem is cost.
[edit] By the way, I wonder how useful a tutorial "for dummies" on how to set up your own mail server from scratch would be. I assume that users who would be happy to pay for their own server but feel it is too complicated would likely be Windows users, i.e. wouldn't mind having to pay for a license and would like to use an environment with a relatively exhaustive UI. I'll give it a try.
SmarterMail have both perpetual + monthly lease licensing options. Leasing of SmarterMail Pro 250 Mailboxes was as low as $15/mo. Overall SmarterMail have an easy installation and all the management is via the web interface.
Well, inbound email is really not a big issue from my experience. The issue (if any) is deliverability of outbound email. But that can be handled in any number of ways. (You can use someone else's SMTP if there are issues or you can just follow best practices to have a clean IP address; they are available.)
I have been doing both inbound and outbound for roughly 20 years on our own equipment. But even doing just inbound gives you better control and in a way you are able to lessen the attack surface of being a large vulnerable target.
I've heard that setting up an outbound email server on places like Linode or DO is tricky, because of how likely it is the IP block you're on will be considered spammy. To get around that, I rent a VPS from a local ISP here in Seattle. They have their own equipment, their own IP ranges, etc. It's a bit spendier than Linode but it's not breaking the bank.
Hey, just to let you know, I host ~300 domains on 1 AWS instance. We only have issues when a client's password gets phished, but we also have a limit on the amount of emails per day they can send. So it's never a real issue.
~20,000 emails a day
Going on 4 years. AWS "blocks" are perfectly fine. If you are going to host your own just get yourself an Elastic IP and let your account manager know that you intend to send mail. As they (used to? I had to do this 4 years ago) have their own internal anti-spam system which you may hit.
On the contrary I also host my own mail on an instance I have over at [0] which is rock solid and I've had no issues that are not the fault of my own. I would recommend at minimum.
The only thing I can say is if you want to do email yourself, possibly use [1] for an easy-to-set-up system and make sure you get a box with minimum 512 MB of RAM or around 1 GB because ClamAV is fat.
Or go [2] for a hosted solution. Who are doing great things regarding encrypted mail.
Me and a number of my friends in clubs at my university use it whenever we need to send secrets to each other, but everything else is done in clear text.
I disagree. The larger the congregation of value by a single target, the higher value the target. Saying it doesn't impact security is like saying whether a building is a bank or a house doesn't impact security.
(It should also probably be noted that I assume the OP was referring to "cloud" as in centralized data services as opposed to "cloud" as in hosted servers/VMs)