News Categories

Shell & Desktop Enhancements

Links



Insecurity of the Dropbox cloud storage service
Saturday, 16 April 2011 10:33

 

The security of the Dropbox service, which is a cloud storage, has been doubted by a researcher.
Dropbox is a poster boy for the promising cloud storage sphere and belongs to highly demanded cloud storage services. One has to add a special folder to the hard disk of PC. When you put files into it, they are uploaded automatically to the area of Dropbox's cloud storage. This way after its installation on different computers, mobile gadgets, you can sync files across all these devices. Moreover, Dropbox is able to serve you as a cloud backup service.
The security problem was discovered in the Dropbox client program, in the authentication issue.
Derek Newton, security researcher, has found out that authentication requires permanent hash code identified by the computer. Any person who can determine this hash, which is actually kept on the hard disk, is able to sync Dropbox files of the user on any device and will not even need a  username for it and certainly no password as well. But what is the worst part of this all is the fact that the user will not even know about the access obtained by the third part, if not they test it online to find out what computers have access to the account.
If that happens, change of password will not help. This resembles a lifetime access to the account though the withdrawal of  the hash code can solve the problem. The person will have to unauthorize the computer after hash code was compromised and this is certainly not an easy task to do.
Security experts offer the make the code unique for every device, but advocates of online privacy are against this move.

The security of tInsecurity of the Dropbox cloud storage service he Dropbox service, which is a cloud storage, has been doubted by a researcher.

Dropbox is a poster boy for the promising cloud storage sphere and belongs to highly demanded cloud storage services. One has to add a special folder to the hard disk of PC. When you put files into it, they are uploaded automatically to the area of Dropbox's cloud storage. This way after its installation on different computers, mobile gadgets, you can sync files across all these devices. Moreover, Dropbox is able to serve you as a cloud backup service.The security problem was discovered in the Dropbox client program, in the authentication issue.

 

Derek Newton, security researcher, has found out that authentication requires permanent hash code identified by the computer. Any person who can determine this hash, which is actually kept on the hard disk, is able to sync Dropbox files of the user on any device and will not even need a  username for it and certainly no password as well. But what is the worst part of this all is the fact that the user will not even know about the access obtained by the third part, if not they test it online to find out what computers have access to the account. If that happens, change of password will not help.

This resembles a lifetime access to the account though the withdrawal of  the hash code can solve the problem. The person will have to unauthorize the computer after hash code was compromised and this is certainly not an easy task to do.Security experts offer the make the code unique for every device, but advocates of online privacy are against this move.