
It is surprising to me that organizations like Dropbox seem to think that it is safe to store documents on their service and share them using a secret URL.

Are we really supposed to believe our data is protected and that no one will discover our magic link?

Dropbox security issues aren’t really anything new. In a blog posted on 5 May, Dropbox claims to have fixed the flaw without providing any detail as to how they went about resolving the issue. If you shared the “encrypted” document with a friend using the “secret” URL and your friend clicked on a link in that document, you would leak the “secret” URL to the site hosting the link and anyone else observing your traffic (for non-HTTPS links). The flaw involved uploading a document to Dropbox that contained links and then sharing the document with a friend. Surprisingly, the latest installment in the Dropbox story involves these so-called secret links (you thought I was going to say Sasquatch again, didn’t you?).


Let me start out by saying that I am not foolish enough to believe in the tooth fairy, Sasquatch (aka Big Foot) or secret links.
