Man-In-The-Cloud Owns Your DropBox, Google Drive -- Sans Malware

Discussion in 'other security issues & news' started by Minimalist, Aug 5, 2015.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,069
    http://www.darkreading.com/cloud/ma...-google-drive----sans-malware-/d/d-id/1321501
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,038
    Location:
    The Netherlands
    LOL, that's why you should never use these services for storing important data. Or even better, don't use them at all.
     
    Last edited: Aug 8, 2015
  3. Rolo42

    Rolo42 Registered Member

    Joined:
    Jan 22, 2012
    Posts:
    569
    Location:
    USA
    By your logic, nobody should ever use a computer. Or telephone. Or e-mail.

    Social engineering isn't a new vulnerability and it isn't unique to cloud services.
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,038
    Location:
    The Netherlands
    Nope, it's just not a smart idea if you ask me, when it comes to data storage. I've never been a fan of these cloud based services.
     
  5. Rolo42

    Rolo42 Registered Member

    Joined:
    Jan 22, 2012
    Posts:
    569
    Location:
    USA
    Because of social engineering? Because that's what the attack was. Nothing is invulnerable to social engineering attacks.
     
  6. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,985
    Location:
    Brasil
    Agreed. I don't like cloud-storage as well, and so when I need to use them I first encrypt the files, make a sha512sum of them, and then store these sums into a very safe place. Then I download the file, check the sums, and if they're OK I de-crypt them.
     
  7. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    amarildojr has a good approach to the matter. So long as the PW/PP is Very strong ! But why trust Anybody else with your data/files etc ? I don't. Plus ALL clouds have real time streaming via fat pipes to you know who. Even if right now some can't be decrypted, @ some point they might be able to ! If it's stuff that's confidential etc, it might not matter, but it's still your stuff, not theirs !
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,038
    Location:
    The Netherlands
    I understand what you're saying, but my point is that it's never a good idea to store important data in the cloud. They basically proved that these type of services can be owned with a simple attack method, that's also hard to discover. But I have to admit, this "Switcher" tool does sound a lot like malware to me, so it's indeed nothing new.
     
  9. Snoop3

    Snoop3 Registered Member

    Joined:
    Jan 2, 2011
    Posts:
    474
    agree with this. not sure what the use is anyway since i got plenty of local HDD storage. when Dropbox got caught changing their TOS and wanted to claim they owned your files i said no thanks. when someone's gonna do you a favor and give you something for "free" watchout, because there's almost always a catch.
     
  10. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,985
    Location:
    Brasil
    That's why Hash verifications are good. Not only it's REALLY hard to crack a good passphrase, it should be really hard to "fake" a 512sum.
     
  11. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,103
    Location:
    Southern Rocky Mountains USA
    Or use them for data that you want to be public. I have a decade long history of community activism on Google's servers across several accounts and services. Using Google for this was a conscious choice because a lot of it is correspondence with people in government who were not being transparent in any way and were trying to do run arounds and make decisions in secret that had huge impacts in local communities without being accountable to those communities.
     
Loading...