Dropbox Authentication: Insecure By Design 168
An anonymous reader writes "Dropbox can be very useful, but you might be a little surprised to learn that by copying one file from a computer running the application, an attacker can access and download all of your files without any obvious signs of compromise. Normal remediation steps after a compromise such as password rotation, system re-image, etc will not prevent continued access to the compromised Dropbox. Derek Newton, a security researcher that published this finding yesterday, discusses the security implications of this by-design security authentication method on his blog."
Re:Dropbox (Score:5, Insightful)
Re:Dropbox (Score:4, Insightful)
Replying to undue accidental 'redundant' instead of 'informative'.
Doh. Also poster is right. Different data have different security requirements -- think about that for a while.
Re:Slashdotted before the comments even started? (Score:4, Insightful)
I'm always shocked by how much load is put on a server by people not reading the article.
the Cloud is ... (Score:4, Insightful)
Someone else's computer
Re:Dropbox IPS sig from EmergingThreats (Score:4, Insightful)
Maybe you should find out what people are using the DB access for first...at my company, we use it as a working drop for communicating external documents with outside vendors, more convenient than shoveling everything around via email.
My old joke about the ideal network for the network admin is a single computer in a bank vault, unplugged. It's unfortunate that the job basically is all downside in terms of incidents, but ultimately the job should still be to *facilitate* employee access to company data, customers, and each other. Otherwise you are actively impeding the profitability of your company.