Jump to content

Dropbox told about vulnerability in November 2013, only fixed it when

Guest LilBambi

By Guest LilBambi,
in Security & Networking

 Share Followers 0

Recommended Posts

Guest LilBambi

Guest LilBambi

Posted
Posted

Dropbox told about vulnerability in November 2013, only fixed it when the media showed interest - Graham Cluley

 

Dropbox was contacted yesterday by the media, investigating the claims being made by Intralinks – a file sharing and collaboration service for enterprises – after it revealed that it had stumbled across individuals’ mortgage applications and income tax returns that should surely have remained private on Dropbox.

 

Dropbox responded last night with a blog post saying it was addressing the vulnerability and that it was “unaware of any abuse of this vulnerability”.

 

Well, clearly – despite Dropbox’s protestations – users’s data *was* exposed, otherwise files like this and this wouldn’t have fallen into the hands of unauthorised parties.

 

zGU2LZg.jpg

 

 

 

And likely Dropbox still wonders why security aware people may not trust them with their sensitive information...

 

I stopped using them for anything that matters long ago.

Link to post
Share on other sites
ebrke

ebrke 1,368

Posted
Posted

That's why Spideroak is so awesome. :)

 

Trust No One......

 

Adam

Based on the user encryption angle? Looking for info, not challenging your opinion. I'm always suspicious about any cloud-based service.
Link to post
Share on other sites
ross549

ross549 1,256

Posted
Posted

Your data on SpiderOak is encrypted before leaving the computer. SpiderOak cannot see your data. In fact, they state that if you have a problem with your data itself, they cannot help you. If you forget your password, they can't help you either.

 

Edit: They can verify that the client on your computer is working. They just can't see the data or decrypt it on their servers.

 

They are reputable and trustworthy. :) (2GB free)

 

Adam

  • Like 1
Link to post
Share on other sites
V.T. Eric Layton

V.T. Eric Layton 6,769

Posted
Posted

I keep nothing of importance or value in the cloud. Sorry. Just don't trust it/them. :(

Link to post
Share on other sites
ross549

ross549 1,256

Posted
Posted

The cool thing is if your data is stolen from SpiderOak, the hackers can spend all the time they want trying to decode it..... the crypto involved is AT LEAST as good as the crypto used in CryptoLocker!

 

:lol:

 

Adam

Link to post
Share on other sites
Robert

Robert 235

Posted
Posted

I put my file(s) in a Truecrypt folder with a unique, strong password, then upload the folder to the cloud.

  • Like 1
Link to post
Share on other sites
Temmu

Temmu 1,931

Posted
Posted

i put all my sensitive, self incriminating evidence unencrypted in various cloud sites for ease of access in case i forget my password or loose my private key.

Link to post
Share on other sites
ross549

ross549 1,256

Posted
Posted

Well, as you use more and more cloud services, the data becomes harder to find, right?

 

:D

 

Adam

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Followers 0
Go to topic listing
×
×
  • Create New...