Jump to content
LilBambi

Dropbox told about vulnerability in November 2013, only fixed it when

By LilBambi, in Security & Networking

Recommended Posts

LilBambi    3,279

LilBambi
Posted

Dropbox told about vulnerability in November 2013, only fixed it when the media showed interest - Graham Cluley

 

Dropbox was contacted yesterday by the media, investigating the claims being made by Intralinks – a file sharing and collaboration service for enterprises – after it revealed that it had stumbled across individuals’ mortgage applications and income tax returns that should surely have remained private on Dropbox.

 

Dropbox responded last night with a blog post saying it was addressing the vulnerability and that it was “unaware of any abuse of this vulnerability”.

 

Well, clearly – despite Dropbox’s protestations – users’s data *was* exposed, otherwise files like this and this wouldn’t have fallen into the hands of unauthorised parties.

 

zGU2LZg.jpg

 

 

 

And likely Dropbox still wonders why security aware people may not trust them with their sensitive information...

 

I stopped using them for anything that matters long ago.

Share this post

Link to post
Share on other sites

ross549    1,255

ross549
Posted

That's why Spideroak is so awesome. :)

 

Trust No One......

 

Adam

  • Like 1

Share this post

Link to post
Share on other sites

ebrke    1,234

ebrke
Posted

That's why Spideroak is so awesome. :)

 

Trust No One......

 

Adam

Based on the user encryption angle? Looking for info, not challenging your opinion. I'm always suspicious about any cloud-based service.

Share this post

Link to post
Share on other sites

ross549    1,255

ross549
Posted

Your data on SpiderOak is encrypted before leaving the computer. SpiderOak cannot see your data. In fact, they state that if you have a problem with your data itself, they cannot help you. If you forget your password, they can't help you either.

 

Edit: They can verify that the client on your computer is working. They just can't see the data or decrypt it on their servers.

 

They are reputable and trustworthy. :) (2GB free)

 

Adam

  • Like 2

Share this post

Link to post
Share on other sites

ross549    1,255

ross549
Posted

The cool thing is if your data is stolen from SpiderOak, the hackers can spend all the time they want trying to decode it..... the crypto involved is AT LEAST as good as the crypto used in CryptoLocker!

 

:lol:

 

Adam

  • Like 1

Share this post

Link to post
Share on other sites

Robert    230

Robert
Posted

I put my file(s) in a Truecrypt folder with a unique, strong password, then upload the folder to the cloud.

  • Like 2

Share this post

Link to post
Share on other sites

Temmu    1,929

Temmu
Posted

i put all my sensitive, self incriminating evidence unencrypted in various cloud sites for ease of access in case i forget my password or loose my private key.

Share this post

Link to post
Share on other sites

ross549    1,255

ross549
Posted

Well, as you use more and more cloud services, the data becomes harder to find, right?

 

:D

 

Adam

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go To Topic Listing
×
×
  • Create New...