Posts

Showing posts from August, 2012

DROPBOX DROP THE BALL ..

My last blog touched on the DropBox hack.   It seems that they have now decided to rectify the situation.  ( DropBox Fix security )  But many clients have been left wondering.  How at risk was I and now am I ?   I wonder how much it has impacted their reputation ?    Do you entrust your personal and/or corporate data to them or to any of the other Cloud services out there.  The better known ones are Google Drive,  Evernote, Box,  YouSendit, Sugarsync,  MS SkyDrive and Egnyte.   If so then you should be concerned.   Why?  Because all of these services rely on you proving who you are merely through the provision of a user name and password.    Why is that so bad?   Because nowadays you can get password breakers off the Internet that will crack most passwords in seconds. ( Password cracker ) .   New sites are being hacked every day with serious consequences for the them and their users (i....

DROPBOX HACK – WHY YOU SHOULD CARE ?

DropBox is flying as a company.  More and more of us are entrusting our data to their servers in the Cloud.    I am one of those.  The service is great, it works and it works from multiple devices.  However there is just one thing.  It is not secure.  Read about their latest breach here. ( http://www.zdnet.com/dropbox-gets-hacked-again-7000001928/ )  and also here ( http://gigaom.com/cloud/dropbox-yes-we-were-hacked/ ) I have been going on about passwords and their manifest weakness for months here and in other media.   DropBox have come back to their customers saying that they promise to do more – better passwords – better security …..blah blah blah. So what kind of solution should they use? Well first of all they have millions of customers.  So whatever they go for is going to have to be easy to deploy and should not require the distribution of some kind of hard token OTP generator a la all of...