And if anyone can access and modify it, you run the risk of something much worse.ĭropbox can also automatically synchronise your own files between all your various devices, such as your desktop PC, your Mac laptop and your smartphone. If anyone can download it, you run the risk of data leakage.
(In fact, if you’re not careful with USB keys, they may pose a larger risk than sharing web links, since the USB key may contain other files – such as malware – besides the spreadsheet you just saved on it.)īut the safety of a web link allowing you to share a file “through the cloud” depends very strongly on who’s able to access that link. In theory, the risk of this should be no worse that me copying the file to a USB key and letting my colleagues copy it from there. If I’m working at home and have a huge spreadsheet which I know my IT manager won’t let through the email gateway, I can just upload it to Dropbox and share the resulting web link with my colleagues. One popular use of services like Dropbox is to get around the restrictions many companies put on emailing around large files. Facebook did something similar last year, leading to Mark Zuckerberg’s own fan page being hacked.) (Dropbox isn’t alone in having made this sort of mistake. So you could log in to other people’s accounts without knowing their passwords at all. Unlike the majority of data breaches we’ve reported on lately – where usernames and passwords were stolen, allowing attackers and miscreants to access other people’s accounts illegally – Dropbox’s “hack” was of a more embarrassing sort.Īpparently, Dropbox published a code update which inadvertently removed the need to authenticate. Customers of cloud-based file storing-and-sharing company Dropbox should check on the data they’ve entrusted to the service, following the company’s admission that it messed up its access controls for several hours.
0 kommentar(er)
