Jump to content

Dropbox told about vulnerability in November 2013, only fixed it when

Guest LilBambi

By Guest LilBambi
in Security & Networking

 Share

Recommended Posts

Guest LilBambi

Guest LilBambi

Posted
Posted

Dropbox told about vulnerability in November 2013, only fixed it when the media showed interest - Graham Cluley

 

Dropbox was contacted yesterday by the media, investigating the claims being made by Intralinks – a file sharing and collaboration service for enterprises – after it revealed that it had stumbled across individuals’ mortgage applications and income tax returns that should surely have remained private on Dropbox.

 

Dropbox responded last night with a blog post saying it was addressing the vulnerability and that it was “unaware of any abuse of this vulnerability”.

 

Well, clearly – despite Dropbox’s protestations – users’s data *was* exposed, otherwise files like this and this wouldn’t have fallen into the hands of unauthorised parties.

 

zGU2LZg.jpg

 

 

 

And likely Dropbox still wonders why security aware people may not trust them with their sensitive information...

 

I stopped using them for anything that matters long ago.

Link to comment
Share on other sites
ebrke

ebrke

Posted
Posted

That's why Spideroak is so awesome. :)

 

Trust No One......

 

Adam

Based on the user encryption angle? Looking for info, not challenging your opinion. I'm always suspicious about any cloud-based service.
Link to comment
Share on other sites
ross549

ross549

Posted
Posted

Your data on SpiderOak is encrypted before leaving the computer. SpiderOak cannot see your data. In fact, they state that if you have a problem with your data itself, they cannot help you. If you forget your password, they can't help you either.

 

Edit: They can verify that the client on your computer is working. They just can't see the data or decrypt it on their servers.

 

They are reputable and trustworthy. :) (2GB free)

 

Adam

  • Like 1
Link to comment
Share on other sites
V.T. Eric Layton

V.T. Eric Layton

Posted
Posted

I keep nothing of importance or value in the cloud. Sorry. Just don't trust it/them. :(

Link to comment
Share on other sites
ross549

ross549

Posted
Posted

The cool thing is if your data is stolen from SpiderOak, the hackers can spend all the time they want trying to decode it..... the crypto involved is AT LEAST as good as the crypto used in CryptoLocker!

 

:lol:

 

Adam

Link to comment
Share on other sites
Temmu

Temmu

Posted
Posted

i put all my sensitive, self incriminating evidence unencrypted in various cloud sites for ease of access in case i forget my password or loose my private key.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...