Main Area and Open Discussion > Living Room

Dropbox Security Failure

<< < (3/3)

Stoic Joker:
Well... Here's what I find troubling:
Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts-The Article
--- End quote ---

Passwords were stolen from "other websites" ...(Hm.../...And the buck pass goes for the long bomb!)... Anytime something is worded that carefully...somebody is full of shit.

The confusion is being caused by that key yet carefully misworded statement.

f0dder:
It's more social hacking than anything else, I think.
-wraith808 (August 02, 2012, 07:49 PM)
--- End quote ---

I think the word just came to me, though it still isn't quite fitting. Perhaps a more appropriate title would be: "Dropbox Security Exploited"
-Deozaan (August 03, 2012, 03:26 AM)
--- End quote ---

I guess it doesn't really matter... other than the fact that I don't think this has anything to do with dropbox security.  If I give my password to someone and they use it to access my account, is it the system's fault?  Pretty much, this is the same thing- the passwords were already compromised, and the people in question didn't change it on their accounts.-wraith808 (August 03, 2012, 06:47 AM)
--- End quote ---
It might not affect the security of the dropbox software directly (but as has been shown previously, that was already bad enough).

But do consider that employees can access your files - that was one of the flaws shown previous (dropbox claimed they couldn't, and later kinda fuddle-backtracked trying to claim that "our CEO can, but he's not an employee"). If dropbox employees are that easy to social-engineer, and they keep stuff like usernames and email addresses under so little security...  :-\

Navigation

[0] Message Index

[*] Previous page