Dropbox recently restored years-old "deleted" files for some customer accounts by accident, drawing attention to a potential privacy problem. Files supposedly deleted by customers from the company's servers were instead retained for as long as eight years, according to several reports over the past few weeks.
Hackers don't even need your password anymore to get access to your cloud data. Newly published research shows how a "man-in-the-cloud" attack can grab cloud-based files – as well as infecting users with malware – without users even noticing.
The attack differs from traditional man-in-the-middle attacks, which rely on tapping data in transit between two servers or users, because it exploits a vulnerability in the design of many file synchronization offerings, including Google, Box, Microsoft, and Dropbox services. This is not just an issue for consumers, but also businesses, which increasingly use cloud-based services to share sensitive customer and corporate data.Read more
Companies around the world have reason to be worried about the use of cloud applications to share mission-critical information. In fact, 1 in 5 employees has uploaded proprietary corporate data to a cloud application, such as Dropbox or Google Docs, with the specific intent of sharing it outside of the company.
The SailPoint survey also found a clear disconnect between cloud usage across the business and existing IT controls with a lot of users able to access those cloud storage applications after leaving their last job. Despite that some employees stated they were aware that their employer strictly forbids taking intellectual property after leaving the company.Read more
Nearly 7 million usernames and passwords from Dropbox, the free cloud service for storing your photos, videos, and documents across devices, were leaked onto the internet. And just days prior former NSA contractor recommended that users drop Dropbox if they wanted to protect their privacy.
Dropbox is standing firm on its position that its service is fully encrypted, and denies responsibility for the leak of emails and passwords, many of which have been expired for some time now. Dropbox instead shifts the blame to users and third parties stated that these usernames and passwords had been unfortunately stolen from other services and used in attempts to log in to Dropbox accounts.Read more
NSA whistleblower Edward Snowden dropped his two cents on file storage security in an interview with The Guardian on Thursday.
He thinks Dropbox, the cloud storage firm with over 200 million users, is “hostile to privacy,” and urged people to switch to what he calls more-secure storage services like SpiderOak. “Dropbox is a targeted wannabe PRISM partner,” Snowden told The Guardian. “They just put Condoleezza Rice on their board, who is probably the most anti-privacy official you can imagine … So they’re very hostile to privacy.” Snowden said that a company like SpiderOak is better because it offers “zero knowledge,” a term used to describe services that have zero access to the data they are storing on their servers.Read more
File sharing service Dropbox has been under attack by intern users this weekend after its appointment of Condoleezza Rice, the former Secretary of State to George W. Bush, to its board of directors.
However, privacy and civil liberties groups have responded by calling on users to boycott Dropbox until the company removes Rice.
They stress that their objection isn’t political and that “there is no doubt that Condoleezza Rice is an extremely brilliant and accomplished individual”. Instead they stress four main points of objection: that Rice was one of the main architects of the Iraq War.Read more
On assurance of service administration, they needed a person with experience in international affairs in order to resolve problems in foreign countries where the service is forbiden (for example, in China).
There are 3 interesting things:
First, most of us remember well how Rice can solve the problem. Secondly her firm RiceHadleyGates is a Dropbox advisor long ago, and thirdly we can recall the recent story about how Dropbox did not give the user to share the pirate movie file, in some sly way determining that it was pirate, while solemnly assuring that Dropbox do not touch files (actually touch, but it seems like only pablike and by comparing hashes, but that's another topic).Read more