Slashdot Mirror

← Back to Stories (view on slashdot.org)

Dropbox Authentication: Insecure By Design

Posted by Soulskill on from the drag-and-drop-and-hey-stop-that dept.

An anonymous reader writes "Dropbox can be very useful, but you might be a little surprised to learn that by copying one file from a computer running the application, an attacker can access and download all of your files without any obvious signs of compromise. Normal remediation steps after a compromise such as password rotation, system re-image, etc will not prevent continued access to the compromised Dropbox. Derek Newton, a security researcher that published this finding yesterday, discusses the security implications of this by-design security authentication method on his blog."

2 of 168 comments (clear)

  1. Re:Dropbox by Anonymous Coward · · Score: 3, Funny

    Agreed! I upload my tax forms to Pastebin and keep my photos securely locked away.

  2. Re:Dropbox by lgw · · Score: 4, Funny

    Actually I find Dropbox to be very useful for things like ebooks and technical PDFs.

    I can access them from my desktop, iPhone, iPad, wherever.

    And so can I! Thanks for putting those up there, by the way, it doesn't work if everyone leeches.

    --
    Socialism: a lie told by totalitarians and believed by fools.