PSA: Security Researchers Prove That Dropbox Can Be Hacked

[haikuman]

Well alrrrighty then ~!~ *(:>* It was bound to happen methinks.

JULIE BORT AUG. 28, 2013, 8:23 PM


http://www.businessinsider.com/researche...ked-2013-8


Two security researchers blew by Dropbox's security features, gained access to private user files and published a paper that explained how they did it.
Their goal was to get Dropbox to create an open source version of itself, which means that anyone could look at its code and verify that the service is secure.

For instance, it added encryption and something called "two-factor authentication" which makes users take extra steps to log into a Dropbox account.

The researchers disabled both of those protections.

[Racer X]

The only safe way to store something is, well, there isn't one.

[cbelt3]

Paper in a locked safe.

[digby]

I memorize my files and then eat them.


Mmmm... gifs...

[jdc]

You quoted the wrong part -- this was the kicker:

Dropbox says that this research doesn't really put anyone's accounts at risk. A spokesperson gave us this statement:

“We appreciate the contributions of these researchers and everyone who helps keep Dropbox safe. However, we believe this research does not present a vulnerability in the Dropbox client. In the case outlined here, the user’s computer would first need to have been compromised in such a way that it would leave the entire computer, not just the user's Dropbox, open to attacks across the board."

[The UnDoug]

Good point, jdc, but Dropbox's response is similar to what many of us Apple zealots say when a new OS X "hack" is announced.

"Oh, it doesn't really matter because someone would have to user that charger/enter their admin password/etc."

[mikebw]

Nothing is 100% secure.

[space-time]

mikebw wrote:
Nothing is 100% secure.

death.

[mikebw]

space-time wrote:
[quote=mikebw]
Nothing is 100% secure.

death.
Death is guaranteed, I don't know if I would say it was secure though.