Jump to content

Dropbox 'insecure And Misleading' – Crypto Researcher Says


Infiltrator
 Share

Recommended Posts

Updated Popular cloud storage service Dropbox is misleading users into thinking it is more secure than it really is, says a security researcher and academic, who has asked for the FTC to investigate.

Read more: http://www.theregister.co.uk/2011/05/16/dropbox_ftc_not_good_enough/

Link to comment
Share on other sites

One of the reasons to encrypt your data before uploading it to the cloud and least but not last, DO NOT upload confidential information.

Link to comment
Share on other sites

A friend told me about his research into this last year at Brucon, was sworn to secrecy at the time but he said given a key bit of info about a file he could download it from their servers.

Link to comment
Share on other sites

A friend told me about his research into this last year at Brucon, was sworn to secrecy at the time but he said given a key bit of info about a file he could download it from their servers.

I wouldn't be surprised if they can download end users information from their servers. But again its something that the end users should be aware and cautious about when uploading their information to a server they don't know about. Furthermore its something that ends users should learn more about and become more aware and cautions of the dangers of storage clouds.

Link to comment
Share on other sites

Unfortunately users don't care and I don't think they ever will, all they see is the shiny adverts about making their life easier and they go for it. If they have to put an extra step of encrypting something in the path of putting their stuff online then they will just go elsewhere.

Link to comment
Share on other sites

Unfortunately users don't care and I don't think they ever will, all they see is the shiny adverts about making their life easier and they go for it. If they have to put an extra step of encrypting something in the path of putting their stuff online then they will just go elsewhere.

And the funny thing is when something goes wrong they go blaming the company or the person in charge, they never think twice about the consequences.

Just like you said, they don't care and never will.

Link to comment
Share on other sites

Thanks for opening my eyes about Dropbox.

Good thing the only thing I use it for is to sync my Minecraft Saves across my three computers. :D

Link to comment
Share on other sites

Thanks for opening my eyes about Dropbox.

Good thing the only thing I use it for is to sync my Minecraft Saves across my three computers. :D

These issues shouldn't stop you from using their service altogether, if you are going to upload personal information make use of encryption and use AES 256 bits. That should stop them from preying on your information.

Link to comment
Share on other sites

These issues shouldn't stop you from using their service altogether, if you are going to upload personal information make use of encryption and use AES 256 bits. That should stop them from preying on your information.

I usually don't put any personal info out without encryption.

But while on the topic, what are a few programs you guys use to encrypt your data?

Personally I use encfs if I know I'm going to be on a Linux computer, or TrueCrypt for cross environments.

Link to comment
Share on other sites

I use NotepadCrypt to encrypt text messages, then Truecrypt to encrypt text file and lastly OpenPGP to create a digital signature of the file. So that way if the file structure or integrity has been tempered, I would know.

Yeah i know, you can call me paranoid....

Link to comment
Share on other sites

Perfectly normal for someone who could have a lot to loose if their files have been tampered with.

Other than a few C++ programs, a web design template, and my Minecraft saves.

I dont have anything that valuable to loose on dropbox so i don't take extra steps to encrypt that data.

Link to comment
Share on other sites

In fact there are people who actually use these online services to store their personal information. I'd still use it for simple file storage, like mp3 or other less sensitive files.

Besides, if you don't want to leave digital footprints behind or run the risk of someone spying on you, you could use the same technique as Osama Bin Landen used to deliver a message without being traced.

Using an USB stick and having it sent or delivered by a post office.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...