Security News

<< Next Post - Previous Post >>

Worrying trends with Dropbox

Dropbox is a very convenient way to synchronise data across locations and devices, it is one of the leader for in the cloud storage solutions. However, it has lately gathered some attention for the wrong reasons.

There has been a recent upset about the false claims (or incorrect depending where you stand on this) that no-one could decrypt your data on their data centre, including their staff. Well, it turned out it was no-one *excluding* their staff.

As explained in this article on TECHREPUBLIC

That’s fair enough, so as long as they have the right processes and due diligence in place your data should be safe into their hands, you can trust their staff.

Or can you?

Today, it appeared that while updating their backend code, anyone could connect to any user account without a password.

This, is pretty bad! one can question how really secure they are and will be! if the risk mitigation of their staff accessing your data is that they have good security processes in place how does that translate into testing and signing off their code. If anything, it shows a lack of robust basic QA processes at the core of their product!

Dropbox does provide some TIPS TO SECURE DROPBOX so you can use some 3rd party encryption tools such as EncFS (Free but only Linux and MacOS through MACFuse),SecretSync and BoxCryptor (only windows and Linux, but also compatible with EncFS).

I never thought this was really needed on Dropbox, until now!

There is also a mention of Truecrypt, butI don’t think it is a good option… As highlighted in the article, Dropbox’s performance is enhanced by the fact it only transfer delta changes. So for this storage technology not to be crippled, any encryption mechanism must follow the same delta changes update rule. With true crypt the whole encrypted volume will have to be updated and only after it has been unmounted.

<< Next Post - Previous Post >>