Slashdot Mirror

← Back to Stories (view on slashdot.org)

File-hosting Sites Not a Safe Haven For Private Data

Posted by timothy on from the but-then-nowhere-really-is dept.

An anonymous reader tips a story at the Register, according to which "Academic researchers say they've uncovered weaknesses in dozens of the most popular file hosting sites that allow people to gain unauthorized access to data that's supposed to be available only to those selected by the user."

4 of 134 comments (clear)

  1. Encryption by igreaterthanu · · Score: 5, Informative

    Why would you upload private data to some file hosting site? These (e.g. RapidShare) aren't the kind of services where you can modify files after uploading (such as Dropbox), so encryption is not much of a hassle. You have no reason not to encrypt the files before uploading them.

    --
    I dream of a nation where a man is not judged by his skin color but by an number assigned by a credit rating agency.
  2. Re:Bogus by Beryllium+Sphere(tm) · · Score: 4, Informative

    At a guess, an embedded URL that's loaded automatically when someone opens the document, for example an IMG tag.

  3. Re:Bogus by Opyros · · Score: 4, Informative

    I suspect it means a Web bug, aka a Web beacon.

  4. Re:Encrypt Everything Private by TheEyes · · Score: 4, Informative

    But in order to actually use encrypted data, it has to be decrypted at some point, so the rootkit just needs to wait for you to decrypt it. In the case of say, full disk encryption, this is rather easy.

    The idea is that you encrypt the file you send to the filesharing site, that way when the filesharing site is hacked all the attackers get is an encrypted file. In fact this is a "perfect" use for data encryption: the file is never decrypted on the remote machine, only on your local one, so stealing the data off the remote site can never give an attacker access to anything but cyphertext.