.
.
.
Related Links
Dropbox Security Flaw Allowed Open Access to All Accounts
Date: 2011-06-20 20:14:59
According to a post on pastbin by Christopher Soghoian, a Washington, DC Security and Privacy Researcher, for a four hour period yesterday, any dropbox account could be accessed using any password.
According to Geek.com, Dropbox found out because a friend of Christopher Soghoian accidentally fat fingered their password and noticed it. That person tried it again then tried a different person's account with the same result. Had that person not contacted dropbox's helpdesk, the problem may have gone on for much longer.
DropBox has posted a blog response detailing the incident.
Yesterday we made a code update at 1:54pm Pacific time that introduced a bug affecting our authentication mechanism. We discovered this at 5:41pm and a fix was live at 5:46pm.
We’re conducting a thorough investigation of related activity to understand whether any accounts were improperly accessed. If we identify any specific instances of unusual activity, we’ll immediately notify the account owner. If you’re concerned about any activity that has occurred in your account, you can contact us at support@dropbox.com.
If you're not familiar with Dropbox. It is an online file backup, sharing service. Once you create a Dropbox account, you can copy files to your Dropbox from one computer and they will automatically synchronize across multiple devices and be available in a web Dropbox via browser.
Category: Vulnerability
Subcategory: Storage
|
Don't become a news story... |
|
| ISBN: 978-0615456850 |
Knowledge is the best home security. |
.
|
|
||
|
Home | Live CD Listing | Password Worksheet | Third Party Ratings | Purchase | Errata | Contact | News | News Archive | Legal Copyright © 2011, Sustainable Alternatives, LLC | Ligonier, PA 15658 | 724-238-9560 | All Rights Reserved. |
|
|
 |
.
