Another Cloud Security Failure - this time dropbox

[bekdik]

http://www.wired.com/threatlevel/2011/06/dropbox/

At a time when hackers are on a tear looting information willy-nilly from insecure sites on the Web, Dropbox did the unthinkable Sunday — it allowed anyone in the world to access any one of its 25 million customers’ online storage lockers — simply by typing in any password.

Dropbox, one of the most popular ways to share and sync files online, says the accounts became unlocked at 1:54pm Pacific time Sunday when a programming change introduced a bug. The company closed the hole a little less than 4 hours later.

Cloud security is the biggest concern of potential users and this kind of failure reinforces the concern.

 

[noswal]

If you save stuff to the cloud and its important then encrypt it locally.

 

[TJ99]

Fortunately my password database is encrypted itself, so I don't need to rely on Dropbox's notoriously crappy security.