For those of you using DropBox

Ramy · Apr 8, 2011

http://dereknewton.com/2011/04/dropbox-authentication-static-host-ids/

Hall · Apr 10, 2011

It appears to me that this is a bit of an exaggeration...

This means that if you gain access to a person’s config.db file (or just the host_id), you gain complete access to the person’s Dropbox...

This "config.db" file is on the user's machine so how does an attacker get it ? If they have access to the machine, who the hell cares about Dropbox's security, or lack of ?

rockymtnhigh · Apr 10, 2011

Hall said:
It appears to me that this is a bit of an exaggeration...

This "config.db" file is on the user's machine so how does an attacker get it ? If they have access to the machine, who the hell cares about Dropbox's security, or lack of ?

Agreed. I read that story and thought the same thing.

Sent from my iPad using SatelliteGuys

Hall · Apr 10, 2011

rockymtnhigh said:
Agreed. I read that story and thought the same thing.

Every piece of software and every operating system can be susceptible to this same security "issue".

diogen · Apr 11, 2011

This type of vulnerability (if important) is addressed by two-factor authentication.
"What you have" is compromised, "what you know" isn't...

Diogen.

Search

Search

For those of you using DropBox

Ramy

The Star Wars Collector Podcast

Hall

SatelliteGuys Master

rockymtnhigh

Hardly Normal

Hall

SatelliteGuys Master

diogen

SatelliteGuys Pro

Similar threads

Users Who Are Viewing This Thread (Total: 0, Members: 0, Guests: 0)

Who Read This Thread (Total Members: 1)

Latest posts

Share this page