DROPBOX DROP THE BALL ..


My last blog touched on the DropBox hack.   It seems that they have now decided to rectify the situation.  (DropBox Fix security

 But many clients have been left wondering.  How at risk was I and now am I ?  
I wonder how much it has impacted their reputation ?   

 Do you entrust your personal and/or corporate data to them or to any of the other Cloud services out there.  The better known ones are Google Drive,  Evernote, Box,  YouSendit, Sugarsync,  MS SkyDrive and Egnyte.  

 If so then you should be concerned.  

 Why?  Because all of these services rely on you proving who you are merely through the provision of a user name and password.   
Why is that so bad?   Because nowadays you can get password breakers off the Internet that will crack most passwords in seconds. (Password cracker) .   New sites are being hacked every day with serious consequences for the them and their users (i.e. you) – LinkedIn,  eHarmony etc etc. 

 That means your personal and corporate information is available to anyone who can access (or guess) your password and then log into your account.  

 DropBox have, as a consequence of  being hacked, recently added two factor authentication as an OPTION.  Even then it is a fairly convoluted process that  does not convey the sense of urgency that it should.   At least it will provide some level of comfort for those who bother to set it up.  

 However it is not infallible and these solutions are still prone to attack – particularly to MITM and MITB attacks.   There is also the added cost to them  of SMS delivery.  (They don’t come for free!!)   This will need to be passed on to their customers.   So watch the subscription fees go up. 

 What is the bottom line?  

 Do you entrust your data to the Cloud and hope that no one will hack you?  The Cloud is here to stay - we have all become reliant upon in some shape or form.  Clearly security needs to move along.  

 Start making a noise about security and how inadequate it is and they may start listening to you.    

 In my next Blog – I will review (LiveEnsure)  – give some of the updates and explain why it really is the best solution for this type of application. 

Comments

  1. Ross Macdonald29 August 2012 at 01:15

    Yesterday I discussed the new DropBox security system they have instituted following a recent breach. It is optional and requires the user to register a mobile number to which a six digit code ( OTP) is sent when you log-in from a new device or want to make any fundamental changes e.g. new password etc.

    I have gone through the process and registered my mobile and i was sent the OTP in the process. However when i then tried to log on from a new device and I was sent the code - it did not work. The code was deemed wrong despite getting it resent a few times. So it seems that more work required to smooth out the wrinkles.

    ReplyDelete

Post a Comment

Popular posts from this blog

The End of Passwords

Finally it seems … the penny has dropped.   Passwords are a poor substitute for real online security.   There is more and more ‘chatter’ about it.    Robin Henry writing in the Sunday Times on New Years Day talks of the end of ‘password hell’ invoking solutions in the pipeline from the Web Gods – Apple and Google.  The talk is of new biometric solutions such as facial and hand movement recognition.  Even IBM is talking this way.  ( http://www.forbes.com/sites/thestreet/2011/12/20/ibms-tech-predictions-for-the-next-5-years/ )  I agree with the notion that passwords are a dying breed but not that biometrics will become vogue.   They are fraught with problems of their own such as reliability, accuracy and the need for referencing of data-bases ( fail !) .    Why are passwords defunct?   Basically they are difficult to remember and they are easy to steal.    The solutions needed are those that require no cognitive load for the user ( the most unreliable participant in this enterprise
Read more

WIKILEAKS - the fuss?

Why all the fuss ? Why the ‘outrage’ at this ‘threat to national security’ ?   Are we really worried that nuclear war is going to break out because of these ‘dirty’ secrets getting out.  As if the North Koreans are going to up the ante any more than their mock charge of last week because of the abuse and scorn heaped upon them by US Diplomats.  ? !    Come on. To me the irony of this bluster is that it is (largely) from the right wing establishment in the US - calling it treason!     Any party that parades a half wit like Palin as a presidential hopeful hardly holds any moral high ground when it comes to protecting the USA.   Her appointment as the ‘leader of the free World’ will be enough to send any level headed American ( let alone any one of their Allies ) into a panicky tailspin at the thought of what she may stumble into ( by accident or design) . So how did these documents get out there?   Poor security.  Plain and simple.   If the US is so worried about this incident su
Read more

HSBC EMBRACES OLD TECHNOLOGY IN ITS BATTLE AGAINST HACKERS

 If you live in the UK and are somehow involved in the business world and exposed to media you could not help but have noticed the extensive advertising campaign that HSBC has been running on its new (sic) ‘security device’ for online banking - Secure Key.    ( I was tempted to refer to them as  ‘ large UK bank’  - but it is so obvious who it is – no point in pretending. ) A lot of money has been thrown at this campaign – I would guess millions.  ( http://www.youtube.com/watch?v=Jx0Z5CiQMIw )   Full page spreads in large circulation newspapers cost big bucks not to mention prime time TV slots.   So here you have the worlds largest retail bank splashing millions on advertising and even more on a ‘cool’ little device that looks like a mini-calculator  - but basically a technology that has been around for about a decade.   This will be rolled out to 4m retail customers worldwide at a reported cost of up to £50 per pop! ( http://www.bankingtech.com/bankingtech/article.do?articleid=200002
Read more