At the Usenix Security Symposium, security experts from SBA Research (Austria) showed that files stored with the Dropbox cloud storage service could be accessed by others without authorization using three types of attack. The vulnerabilities were discovered last year but have only now been made public, to give Dropbox time to close the dangerous loopholes.

The first type of attack allowed the researchers to falsify the hash values that identify the data blocks stored in Dropbox's "cloud". In practice, Dropbox checks these values to see whether the data is already stored in the cloud, and if so links it to the account of the user who sent the hash. Once Dropbox has granted such unauthorized access, the holder of the affected account has no way of knowing that their files can be viewed by others.
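The weakness described above is that knowing a block's hash is treated as proof of owning the block. The sketch below is an added example, not code from Dropbox or from SBA Research: a toy deduplicating store with the hash-only link next to a challenge-response check that requires the client to hold the actual bytes. The class, the method names and the HMAC-based proof are assumptions chosen for illustration, not the fix Dropbox shipped.

```python
import hashlib
import hmac
import secrets


class DedupStore:
    """Toy deduplicating chunk store (hypothetical, for illustration only)."""

    def __init__(self):
        self.chunks = {}   # sha256 hex digest -> chunk bytes
        self.links = {}    # account -> set of digests the account may read
        self.pending = {}  # (account, digest) -> outstanding nonce

    def upload(self, account, data):
        digest = hashlib.sha256(data).hexdigest()
        self.chunks[digest] = data
        self.links.setdefault(account, set()).add(digest)
        return digest

    def link_by_hash_only(self, account, digest):
        """Weak: knowing the hash is treated as owning the data."""
        if digest in self.chunks:
            self.links.setdefault(account, set()).add(digest)
            return True
        return False

    def challenge(self, account, digest):
        """Hardened step 1: issue a fresh nonce for a chunk already stored."""
        if digest not in self.chunks:
            return None
        nonce = secrets.token_bytes(32)
        self.pending[(account, digest)] = nonce
        return nonce

    def link_with_proof(self, account, digest, proof):
        """Hardened step 2: link only if the proof covers the chunk content."""
        nonce = self.pending.pop((account, digest), None)  # nonce is single use
        if nonce is None:
            return False
        expected = hmac.new(nonce, self.chunks[digest], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, proof):
            return False
        self.links.setdefault(account, set()).add(digest)
        return True

    def can_read(self, account, digest):
        return digest in self.links.get(account, set())


def prove(nonce, data):
    """Client side: computable only by someone holding the chunk bytes."""
    return hmac.new(nonce, data, hashlib.sha256).digest()
```

Because the nonce is fresh for every request, a proof computed once cannot be replayed, and a client that only knows the digest cannot produce a valid one.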

The second type of attack made it possible to steal the victim's Dropbox host ID, a 128-bit key that Dropbox generates from specific factors such as user name, date and time. Once in possession of the victim's host ID, the attacker could replace their own with it and, at the next sync, download all of the victim's files.

The third attack exploits a Dropbox feature that allows documents to be requested over SSL at a particular URL.

These three types of attack could be used to steal data from organizations or businesses that use Dropbox, or to hide files in the Dropbox cloud without the documents being traceable to the attacker, who could have performed the upload from a computer without a hard drive using a Linux live CD, leaving no trace.

Dropbox 1.1.40, which now has a new type of encryption in the database, closes this dangerous vulnerability and also improves compatibility with Mac OS X Lion. In addition, the update fixes a bug that on rare occasions could cause the Finder to crash when the application is started.
