All iPads SERIOUS Security Question For All New iPads?

[ericwn]

Is this the best method to use?

I thought by using 3 different cloud services I'd be able to ensure that the .PDF files weren't altered when they were transferred???

It’s the one remaining if one starts to develop paranoia about cloud services.

 

[TiggrToo]

I spend my life transferring files - data, pdf, word, excel, zip and database backup files.

Some of the files are critical, others not so. If I really care, I run crc32 on the command line:

crc32 /path/to/file

Most of the time that's just to verify a backup got moved correctly so it'll restore later.

Who is going to be modifying your PDF files anyway, @BeautifulWoman_1984 ? If you're not a large corporation or a Nation state, the answer is invariably going to be "no-one"

If you're this concerned, compress the file with a password and send that to the destination. If it decompresses OK then you're fine.

Except...what if some has a keylogger and knows your password and...

Again, trust me, you're like the rest of us: an insignificant nobody. I don't mean that as an insult, more of a affirmation that you're blowing all of this out of proportion.

I've worked for banks and been a military contractor in my day - even they don't get this paranoid - and they can get quite wacky (like, from the mid 1990s I read a the Classified document that specified what color floppy disks should be for each level, red for top secret etc., but no-one without security Clearence would know that they should only use black floppy disks - and you were not allowed to tell unclassified folk that either, etc...)

Breath and just copy away. You really honestly will be fine.

 

[Runs For Fun]

I spend my life transferring files - data, pdf, word, excel, zip and database backup files.

Some of the files are critical, others not so. If I really care, I run crc32 on the command line:

crc32 /path/to/file

Most of the time that's just to verify a backup got moved correctly so it'll restore later.

Who is going to be modifying your PDF files anyway, @BeautifulWoman_1984 ? If you're not a large corporation or a Nation state, the answer is invariably going to be "no-one"

If you're this concerned, compress the file with a password and send that to the destination. If it decompresses OK then you're fine.

Except...what if some has a keylogger and knows your password and...

Again, trust me, you're like the rest of us: an insignificant nobody. I don't mean that as an insult, more of a affirmation that you're blowing all of this out of proportion.

I've worked for banks and been a military contractor in my day - even they don't get this paranoid - and they can get quite wacky (like, from the mid 1990s I read a the Classified document that specified what color floppy disks should be for each level, red for top secret etc., but no-one without security Clearence would know that they should only use black floppy disks - and you were not allowed to tell unclassified folk that either, etc...)

Breath and just copy away. You really honestly will be fine.

Exactly. Unless OP is some super top secret FBI spy handling super sensitive information, no one is targeting you to the extent that this level of paranoia and jumping through this many hoops makes any sense.

 

[BigMcGuire]

Exactly. Unless OP is some super top secret FBI spy handling super sensitive information, no one is targeting you to the extent that this level of paranoia and jumping through this many hoops makes any sense.

And if they were a super top secret FBI agent, they wouldn't be on Macrumors asking basic questions on how security works. ..... I'd hope. 🙂 lol.

@OP - If something you don't understand scares you, take the effort to learn all you can about it. There is a vast amount of information even for free to learn about how to keep your digital data secure.

 

[I7guy]

My own method to add to the few that have been suggested is to email the pdfs to myself. I would be 99.99% sure the pdfs wouldn't have been altered. I don't think 100% surety is really achievable.

 

[casperes1996]

My own method to add to the few that have been suggested is to email the pdfs to myself. I would be 99.99% sure the pdfs wouldn't have been altered. I don't think 100% surety is really achievable.

If one is really worried about security this one is basically the only suggested method I would say should be entirely off the table. Unless you encrypt it yourself. Email per default is just plain text encoding with no confidentiality or authenticity in the protocol

 

[BeautifulWoman_1984]

Unless you're the target of a state actor I think you're overcomplicating your life quite a lot!

Your transmissions between iCloud and your device will be over SSL/TLS so won't be capable of being manipulated in the middle without a MIIM certificate attack to allow decrypted interception of your stream. This would result in an error and no connection unless your device was accessed to install the MIIM certificate.

If you were truly at this risk though you can test if by storing a file hash on another cloud provider or local on disk or etc and comparing the two hashes. If the hash is the same and wasn't placed on iCloud that's proof enough that it wasn't tampered in the middle.

But strong passwords will be more for you than over complicating this.

Thank you for your reply LogicalApex!

You're definitely correct about me over complicating my life, but I'm very sincere in wanting to ensure that my .PDF files haven't been altered and I'm more than happy to dedicate more time to achieve this goal!

 

[Mr_Brightside_@]

It occurred to me that using your three prong method actually opens you up to two more attack vectors, but I’m sure you’ve considered that

 

[BeautifulWoman_1984]

It occurred to me that using your three prong method actually opens you up to two more attack vectors, but I’m sure you’ve considered that

Thank you for your reply Mr_Brightside, but I'm not sure how I'm opening myself up to two more attacks?

Could you please clarify as this is a serious issue for me?

 

[Mr_Brightside_@]

2 of the 3 services you intend to use to test PDF intervention require an account in order to function and send files. Having added internet accounts opens your data up to potential hacking at those services.

Surely you have considered this?

 

[BeautifulWoman_1984]

2 of the 3 services you intend to use to test PDF intervention require an account in order to function and send files. Having added internet accounts opens your data up to potential hacking at those services.

Surely you have considered this?

Thank you for your reply Mr_Brightside.

I see what you mean now! Having additional internet accounts means I have other "openings" for my internet connection... 😵😵😵 I'll need to look at my other options.

 

[macsound1]

Thank you for your reply Mr_Brightside.

I see what you mean now! Having additional internet accounts means I have other "openings" for my internet connection... 😵😵😵 I'll need to look at my other options.

Just splitting hairs here but
Additional accounts means additional places you can get your data stolen, not additional openings for your internet connection.
You could have an account for iCloud, Dropbox, and OneDrive, all without having an internet connection that you personally pay for, just accessing things at Starbucks and the Library.

I wanted to clarify because having data stored on someone else's server and that getting hacked is completely different than someone accessing data over the internet that you have stored locally on your computer that's in your home/posession.