Slashdot Mirror

← Back to Stories (view on slashdot.org)

File-hosting Sites Not a Safe Haven For Private Data

Posted by timothy on from the but-then-nowhere-really-is dept.

An anonymous reader tips a story at the Register, according to which "Academic researchers say they've uncovered weaknesses in dozens of the most popular file hosting sites that allow people to gain unauthorized access to data that's supposed to be available only to those selected by the user."

7 of 134 comments (clear)

  1. Encrypt Everything Private by Deathlizard · · Score: 4, Insightful

    Just another reason why you should be using file encryption such as Truecrypt to encrypt everything personal.

    Even if it's on your own hard drive. You're only one rootkit away from giving it away to the world.

    --
    In Soviet Russia, Trojan exploits YOU!
    1. Re:Encrypt Everything Private by x*yy*x · · Score: 4, Insightful

      Crypting your data won't save it from rootkit...

  2. All security is through obscurity by sco08y · · Score: 5, Insightful

    “These services adopt a security-through-obscurity mechanism where a user can access the uploaded files only by knowing the correct download URIs,” the researchers wrote in a paper presented at the most recent USENIX Workshop on Large-Scale Exploits and Emergent Threats.

    Hey, guess how passwords work? They're hard to guess. How do biometrics work? Your fingerprints are hard to replicate. How do keycards work? It's hard to guess whatever code is stored in it. All security ultimately comes down to some token that is "obscure."

    All security is through obscurity. If these sites are being accessed when they shouldn't, it means that there's an information leak, that is, the owners think (or claim) that it is far more obscure than it really is.

  3. Re:Encryption by hairyfeet · · Score: 4, Insightful

    Because you get some dumbass that can't be arsed to bring a flash stick to work and/or they aren't allowed to use a flash stick, so they just upload it to Rapidshit? Hell nobody reads anything or actually thinks anymore, even to this day you can look on any P2P site for the formats that taxes and other personal data are kept in (such as QuickBooks files) and literally find thousands upon thousands of morons sharing their entire C: drive because they don't bother to think.

    To me that is the sad and/or scary part: Your security is only as strong as the biggest moron in the group and when it comes to computers the level of stupid out there is frankly mind boggling.

    --
    ACs don't waste your time replying, your posts are never seen by me.
  4. Re:Encryption by currently_awake · · Score: 4, Insightful

    Considering the cost of hard drives there is no good reason to keep anything in the cloud except for stuff you want to share (free hosting file server).

  5. Re:How about by wvmarle · · Score: 5, Insightful

    It is on a remote site, out of your control, so it's not secure. End of story.

    Encrypt before it leaves your system if you want to keep it secure. Or only store data on such sites that you really don't care if it becomes public.

    And even if there really are no remote security holes, anyone with admin/root access to the servers can access your data. Without you knowing.

  6. Confucius Say... by seven+of+five · · Score: 4, Insightful

    "He who trusts private data to remote host has head in cloud..."