BlackBerry Forums Support Community
              

Closed Thread
 
Thread Tools
Old 08-20-2012, 10:42 PM   #1
daphne
BBF Spam Killer Moderator
 
daphne's Avatar
 
Join Date: May 2007
Location: on a sunny beach
Model: Paspt
OS: 10.3.0.90
PIN: X1ZPY34K
Carrier: VZW but not for long
Posts: 9,176
Default Dropbox (in)security

Please Login to Remove!

I know Dropbox is very popular with mobile users but I think people should be aware they have been compromised several times, the most recent being the end of July.

User details compromised as Dropbox admits security breach | ITProPortal.com

Dropbox security bug left accounts unprotected | ITProPortal.com

https://twitter.com/csoghoian/status/82973832180277251

Dropbox gets hacked ... again | ZDNet

5 Dropbox Security Warnings For Businesses - Security - Security administration/management - Informationweek

caveat emptor

I have an inherent distrust of the cloud but I have used box.net. They have no history of breaches as far as I know.

While on the subject, if anyone has not heard about blogger Mat Honan's devastating iCloud hack, read on.

How Apple and Amazon Security Flaws Led to My Epic Hacking | Gadget Lab | Wired.com
__________________
Report spam text messages to 7726
#BlackBerry by choice

Last edited by daphne; 08-20-2012 at 10:46 PM..
Offline  
Old 08-21-2012, 10:36 AM   #2
knottyrope
BlackBerry Elite
 
knottyrope's Avatar
 
Join Date: Jan 2008
Location: Massachusetts
Model: DT60
OS: 123456789
PIN: t of blood has been taken
Carrier: AT&T-US with I dee ten tee errors
Posts: 7,325
Default Re: Dropbox (in)security

always encrypt all your files in the cloud
__________________
I had to fall
To lose it all
But in the end
It doesn't even matter

Rocking the Motion with out lotion.
Offline  
Old 08-21-2012, 01:30 PM   #3
aiharkness
BlackBerry God
 
aiharkness's Avatar
 
Join Date: Jul 2005
Location: Florida Panhandle
Model: BBPP
OS: 10.3.3
Carrier: T-Mobile USA
Posts: 14,081
Default Re: Dropbox (in)security

Niether here nor there, but I was about to sign up for a Dropbox account one day when news came out that they were misrepresenting what they do to encrypt customer data. I wouldn't have stored anything beyond trivial data anyway, but I still decided to steer clear of it. I guess I'm not really comfortable with the whole idea, either, but the news put me off of giving it a try. I'm too set in my ways.

On the Honan story, of course it reinforces the advice to use unique login info, but the big take away (for me, anyway) was the extent to which what one entity uses to identify you may be available easily from another entity. The so-called hacker didn't really hack anything. He just exploited publicly open vulnerabilities.

As an aside, if the news reports are accurate, Honan wasn't targeted per se, at least not for who he was or who he represented; the Hacker just found his twitter username interesting and wanted to cause chaos and watch.
Posted via BlackBerryForums.com Mobile
Offline  
Old 08-21-2012, 05:58 PM   #4
daphne
BBF Spam Killer Moderator
 
daphne's Avatar
 
Join Date: May 2007
Location: on a sunny beach
Model: Paspt
OS: 10.3.0.90
PIN: X1ZPY34K
Carrier: VZW but not for long
Posts: 9,176
Default Re: Dropbox (in)security

Quote:
Originally Posted by aiharkness View Post
Niether here nor there, but I was about to sign up for a Dropbox account one day when news came out that they were misrepresenting what they do to encrypt customer data. I wouldn't have stored anything beyond trivial data anyway, but I still decided to steer clear of it. I guess I'm not really comfortable with the whole idea, either, but the news put me off of giving it a try. I'm too set in my ways.

On the Honan story, of course it reinforces the advice to use unique login info, but the big take away (for me, anyway) was the extent to which what one entity uses to identify you may be available easily from another entity. The so-called hacker didn't really hack anything. He just exploited publicly open vulnerabilities.

As an aside, if the news reports are accurate, Honan wasn't targeted per se, at least not for who he was or who he represented; the Hacker just found his twitter username interesting and wanted to cause chaos and watch.
Posted via BlackBerryForums.com Mobile
That's right - the hack was also done by social engineering - getting the last 4 digits of his credit card that was stored on Amazon, and getting Apple support to change the password. It might have been a different article, but on one of them Mat Honan said the hacker told him he just wanted the Twitter handle @mat because he thought it was cool.

And having all your online accounts linked to each other isn't so good because if one gets compromised, all the rest can be compromised too.

I remember that news about Dropbox misrepresenting what they do to encrypt customer data. How can one trust a company after that.... ?
__________________
Report spam text messages to 7726
#BlackBerry by choice
Offline  
Old 08-24-2012, 02:07 AM   #5
NoBox
Thumbs Must Hurt
 
Join Date: Aug 2011
Model: 9800
PIN: N/A
Carrier: ATT&Verizon
Posts: 149
Default Re: Dropbox (in)security

Quote:
Originally Posted by daphne View Post
That's right - the hack was also done by social engineering - getting the last 4 digits of his credit card that was stored on Amazon, and getting Apple support to change the password. It might have been a different article, but on one of them Mat Honan said the hacker told him he just wanted the Twitter handle @mat because he thought it was cool.

And having all your online accounts linked to each other isn't so good because if one gets compromised, all the rest can be compromised too.

I remember that news about Dropbox misrepresenting what they do to encrypt customer data. How can one trust a company after that.... ?
Fact is a person cannot trust any company where you don't have the personal ability to verify they are doing what they say. Many companies claim they keep user information private but since we users can neither check on their performance nor punish them for violating their promises their claims are essentially worthless.

However I suppose a cloud service could be useful if the data could be encrypted prior to uploading. Encryption using a long, random key should make the data private even if accessed on the cloud server. Not to say it could never be compromised. But, the effort would be too much for just about everyone.

What encryption application to use? Who knows what machine I'll use a year from now? Except I know it won't be Apple. Anyone know of a file encryption application that runs on Blackberry, Windows and Android?

Last edited by NoBox; 08-24-2012 at 02:25 AM..
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads for: Dropbox (in)security
Thread Thread Starter Forum Replies Last Post
Dropbox security claims aiharkness Aftermarket Software 2 05-16-2011 07:21 PM
LIST of DropBox Compatible Apps (FileScout, Docs-To-Go, etc) Mark Rejhon Aftermarket Software 2 02-08-2011 11:44 AM
DropBox Beta Nomis Aftermarket Software 3 09-16-2010 08:48 AM
DropBox Beta for BlackBerry djm2 Aftermarket Software 0 09-14-2010 11:07 AM
DropBox service added to YouMail Shaun Aftermarket Software 3 08-26-2009 11:22 AM


GE Voltage Stabilizer 10 KVA Transformer Pri 175-235/190-260/380-520 Sec 120/240 picture

GE Voltage Stabilizer 10 KVA Transformer Pri 175-235/190-260/380-520 Sec 120/240

$648.00



9X-9591 Caterpillar Voltage Regulator picture

9X-9591 Caterpillar Voltage Regulator

$799.99



KATO KCR-360 Voltage Regulator AVR (Brand New) picture

KATO KCR-360 Voltage Regulator AVR (Brand New)

$799.24



High Voltage 300W 30KV Electrostatic Precipitator Power Supply with dual output picture

High Voltage 300W 30KV Electrostatic Precipitator Power Supply with dual output

$64.99



Voltage Electricity Tester Volt Detector Test Pen AC Non-Contact Sensor 90-1000V picture

Voltage Electricity Tester Volt Detector Test Pen AC Non-Contact Sensor 90-1000V

$14.99



Voltage Electricity Tester Volt Detector Test Pen 12-1000V AC Non-Contact 2-PACK picture

Voltage Electricity Tester Volt Detector Test Pen 12-1000V AC Non-Contact 2-PACK

$15.95







Copyright © 2004-2016 BlackBerryForums.com.
The names RIM © and BlackBerry © are registered Trademarks of BlackBerry Inc.