

Criticism of Dropbox, an American company specializing in cloud storage and file synchronization and their flagship service of the same name, centers around various forms of security and privacy controversies. Issues include a June 2011 authentication problem that let accounts be accessed for several hours without passwords; a July 2011 privacy policy update with language suggesting Dropbox had ownership of users' data; concerns about Dropbox employee access to users' information; July 2012 email spam with reoccurrence in February 2013; leaked government documents in June 2013 with information that Dropbox was being considered for inclusion in the National Security Agency's PRISM surveillance program; a July 2014 comment from NSA whistleblower Edward Snowden criticizing Dropbox's encryption; the leak of 68 million account passwords on the Internet in August 2016; and a January 2017 accidental data restoration incident where years-old supposedly deleted files reappeared in users' accounts.

April 2011 user authentication file information

Dropbox has been criticized by the independent security researcher Derek Newton, who wrote in April 2011 that Dropbox stored user authentication information in a file on the computer that was "completely portable and is not tied to the system in any way". In explaining the issue, Newton wrote: "This means that if you gain access to a person's config.db file (or just the host_id), you gain complete access to the person's Dropbox until such time that the person removes the host from the list of linked devices via the Dropbox web interface." He updated his post in October 2011 to write that "Dropbox has release version 1.2.48 that utilizes an encrypted local database and reportedly puts in place security enhancements to prevent theft of the machine credentials." A report from The Next Web featured a comment from Dropbox, in which they disagreed with Newton that the topic was a security flaw, explaining that "The researcher is claiming that an attacker would be able to gain access to a user's Dropbox account if they are able to get physical access to the user's computer. In reality, at the point an attacker has physical access to a computer, the security battle is already lost. this 'flaw' exists with any service that uses cookies for authentication (practically every web service)."

May 2011 data deduplication and employee access

In May 2011, a complaint was filed with the U.S. Federal Trade Commission alleging Dropbox misled users about the privacy and security of their files.
