BlackBerry Forums Support Community

BlackBerry Forums Support Community (http://www.blackberryforums.com/)
-   BlackBerry and Mobile Security (http://www.blackberryforums.com/blackberry-mobile-security/)
-   -   Dropbox (in)security (http://www.blackberryforums.com/blackberry-mobile-security/261149-dropbox-security.html)

daphne 08-20-2012 10:42 PM

Dropbox (in)security
 
I know Dropbox is very popular with mobile users but I think people should be aware they have been compromised several times, the most recent being the end of July.

User details compromised as Dropbox admits security breach | ITProPortal.com

Dropbox security bug left accounts unprotected | ITProPortal.com

https://twitter.com/csoghoian/status/82973832180277251

Dropbox gets hacked ... again | ZDNet

5 Dropbox Security Warnings For Businesses - Security - Security administration/management - Informationweek

caveat emptor

I have an inherent distrust of the cloud but I have used box.net. They have no history of breaches as far as I know.

While on the subject, if anyone has not heard about blogger Mat Honan's devastating iCloud hack, read on.

How Apple and Amazon Security Flaws Led to My Epic Hacking | Gadget Lab | Wired.com

knottyrope 08-21-2012 10:36 AM

Re: Dropbox (in)security
 
always encrypt all your files in the cloud

aiharkness 08-21-2012 01:30 PM

Re: Dropbox (in)security
 
Niether here nor there, but I was about to sign up for a Dropbox account one day when news came out that they were misrepresenting what they do to encrypt customer data. I wouldn't have stored anything beyond trivial data anyway, but I still decided to steer clear of it. I guess I'm not really comfortable with the whole idea, either, but the news put me off of giving it a try. I'm too set in my ways.

On the Honan story, of course it reinforces the advice to use unique login info, but the big take away (for me, anyway) was the extent to which what one entity uses to identify you may be available easily from another entity. The so-called hacker didn't really hack anything. He just exploited publicly open vulnerabilities.

As an aside, if the news reports are accurate, Honan wasn't targeted per se, at least not for who he was or who he represented; the Hacker just found his twitter username interesting and wanted to cause chaos and watch.
Posted via BlackBerryForums.com Mobile

daphne 08-21-2012 05:58 PM

Re: Dropbox (in)security
 
Quote:

Originally Posted by aiharkness (Post 1785781)
Niether here nor there, but I was about to sign up for a Dropbox account one day when news came out that they were misrepresenting what they do to encrypt customer data. I wouldn't have stored anything beyond trivial data anyway, but I still decided to steer clear of it. I guess I'm not really comfortable with the whole idea, either, but the news put me off of giving it a try. I'm too set in my ways.

On the Honan story, of course it reinforces the advice to use unique login info, but the big take away (for me, anyway) was the extent to which what one entity uses to identify you may be available easily from another entity. The so-called hacker didn't really hack anything. He just exploited publicly open vulnerabilities.

As an aside, if the news reports are accurate, Honan wasn't targeted per se, at least not for who he was or who he represented; the Hacker just found his twitter username interesting and wanted to cause chaos and watch.
Posted via BlackBerryForums.com Mobile

That's right - the hack was also done by social engineering - getting the last 4 digits of his credit card that was stored on Amazon, and getting Apple support to change the password. It might have been a different article, but on one of them Mat Honan said the hacker told him he just wanted the Twitter handle @mat because he thought it was cool. :?

And having all your online accounts linked to each other isn't so good because if one gets compromised, all the rest can be compromised too.

I remember that news about Dropbox misrepresenting what they do to encrypt customer data. How can one trust a company after that.... ?

NoBox 08-24-2012 02:07 AM

Re: Dropbox (in)security
 
Quote:

Originally Posted by daphne (Post 1785793)
That's right - the hack was also done by social engineering - getting the last 4 digits of his credit card that was stored on Amazon, and getting Apple support to change the password. It might have been a different article, but on one of them Mat Honan said the hacker told him he just wanted the Twitter handle @mat because he thought it was cool. :?

And having all your online accounts linked to each other isn't so good because if one gets compromised, all the rest can be compromised too.

I remember that news about Dropbox misrepresenting what they do to encrypt customer data. How can one trust a company after that.... ?

Fact is a person cannot trust any company where you don't have the personal ability to verify they are doing what they say. Many companies claim they keep user information private but since we users can neither check on their performance nor punish them for violating their promises their claims are essentially worthless.

However I suppose a cloud service could be useful if the data could be encrypted prior to uploading. Encryption using a long, random key should make the data private even if accessed on the cloud server. Not to say it could never be compromised. But, the effort would be too much for just about everyone.

What encryption application to use? Who knows what machine I'll use a year from now? Except I know it won't be Apple. Anyone know of a file encryption application that runs on Blackberry, Windows and Android?


All times are GMT -5. The time now is 10:18 PM.

Powered by vBulletin® Version 3.6.12
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.