DROPBOX DROPS THE BALL
My last blog touched on the DropBox hack. It seems that they have now decided to rectify the situation. (DropBox Fix security)
But many clients have been left wondering: how at risk was I, and how at risk am I now?
I wonder how much it has impacted their reputation?
Do you entrust your personal and/or corporate data to them or to any of the other Cloud services out there? The better known ones are Google Drive, Evernote, Box, YouSendit, Sugarsync, MS SkyDrive and Egnyte.
If so then you should be concerned.
Why? Because all of these services rely on you proving who you are merely through the provision of a user name and password.
Why is that so bad? Because nowadays you can get password breakers off the Internet that will crack most passwords in seconds. (Password cracker) New sites are being hacked every day with serious consequences for them and their users (i.e. you) – LinkedIn, eHarmony etc.
That means your personal and corporate information is available to anyone who can access (or guess) your password and then log into your account.
DropBox have, as a consequence of being hacked, recently added two-factor authentication as an OPTION. Even then it is a fairly convoluted process that does not convey the sense of urgency that it should. At least it will provide some level of comfort for those who bother to set it up.
However, it is not infallible and these solutions are still prone to attack – particularly to man-in-the-middle (MITM) and man-in-the-browser (MITB) attacks. There is also the added cost to them of SMS delivery. (They don’t come for free!!) This will need to be passed on to their customers. So watch the subscription fees go up.
What is the bottom line?
Do you entrust your data to the Cloud and hope that no one will hack you? The Cloud is here to stay - we have all become reliant upon it in some shape or form. Clearly security needs to move along.
Start making a noise about security and how inadequate it is and they may start listening to you.
In my next blog I will review (LiveEnsure), give some of the updates and explain why it really is the best solution for this type of application.
Yesterday I discussed the new DropBox security system they have instituted following a recent breach. It is optional and requires the user to register a mobile number to which a six-digit code (OTP) is sent when you log in from a new device or want to make any fundamental changes, e.g. new password etc.
I have gone through the process and registered my mobile and I was sent the OTP in the process. However, when I then tried to log on from a new device and I was sent the code, it did not work. The code was deemed wrong despite getting it resent a few times. So it seems that more work is required to smooth out the wrinkles.