TechSpot

Dropbox bug let users access accounts without a password

By Matthew
Jun 21, 2011
  1. Dropbox yesterday announced the discovery of a bug that disabled the company's authentication mechanism. The flaw was introduced in a software update issued over the weekend and allowed accounts to…

     
  2. TJGeezer

    TJGeezer TS Enthusiast Posts: 385   +10

    Innocent glitch with a competent investigation being conducted afterward? I find it forgivable. But it underscores why many companies shy away from the cloud despite all the promotion and hoopla. Same problem many companies have had with software as a remote service. Not that most companies are masters of security, but at least they do control their own firewalls, or try to.

    IIRC, Dropbox doesn't provide SSL connections or encrypted storage. Keeping sensitive data there doesn't make sense, though I do use Dropbox as a convenience all the time. It's fast, it's convenient and it's automatic. If I also want security, I'll store a small TrueCrypt virtual disk there. It's not so very difficult.
     
  3. Rick

    Rick TechSpot Staff Posts: 6,305   +52 Staff Member

    Dropbox does provide SSL connections and file encryption on the server as well. Maybe when the service was first introduced it didn't though, but it has for as long as I can remember (at least a couple of years ago).

    However, I think we can all agree that you should NOT be putting sensitive data on Dropbox.
     
  4. This is the problem with "the cloud". If you want to keep things secure, keep them under your own supervision and/or keep them encrypted.
     
  5. Hey, TechSpot, it's time for another article telling how great DropBox is and how to use its features. Send them an e-mail. Maybe they will accept an offer to deal with.

    Like the previous time, when another security related problem of DropBox came up. Treat us like we're fools, again.
     
  6. Scott8090

    Scott8090 TS Rookie Posts: 49

    Geez, harsh on companies much? No network is fully secure. A flaw always exists. Always a possibility of a breach. With IT staffs understaffed and under-budgeted, it only adds to the problem. So what, a slip-up, they're a company, it's going to happen sometime, geez. To not forgive a company security slip-up only shows the lack of knowledge in regards to network security. It's not nice that it happened, but it's damn good Dropbox covered their users and their name. Look at Sony, anyone? All user names on both PSN network and sonypictures.com were unencrypted... now that's something to complain about.
     

