Is Dropbox safe for users?

I’m sure everyone has used Dropbox to upload important documents, and priceless photos that they would like to have access to anywhere, forever, right? Dropbox is a free, cloud based storage service that allows users to upload documents, photos, and videos using a computer, and share them using a tablet or mobile device. This file hosting service is used by over 175,000 people around the world including in some businesses. But what if I told you that your private files can be hacked?

About a year ago, Dropbox was hacked, which prompted the company to add extra security protection such as encryption and “two factor authentication” which were put in place as enhancements. Well, it seems as if that extra security protection that was added, wasn't as great as Dropbox thought it was.

Two security researchers named Przemyslaw Wegrzyn and Dhiru Kholia were able to zoom past Dropbox’s security features, access users files, then published a paper on how it was possible! Crazy right? First thing first, the researchers disabled the two protections that were put in place, then tried “reverse engineering” which allowed them to look at the programming code that Dropbox uses. Although the researchers shouldn't have been able to view the programming code, they were successful. The whole idea was to protect Dropbox and share with the company on how to be more secure.

Since the published paper, in April of 2014, Dropbox has tightened security and added multiple updates to “Dropbox for Business”, which will target businesses and IT professionals who will administer the service. But is it enough?

 This case is just another way to remind you that internet safety and security is very important. Be careful when using sensitive information on the web, and on different web applications. You will never know when your information may become compromised.

Dropbox is still the leader in cloud based storage service. 

To read the published article "Looking inside the (Drop) box", click here.

References:

http://www.businessinsider.com/researchers-prove-dropbox-can-be-hacked-2013-8

http://readwrite.com/2013/08/28/dropbox-hacked-reverse-engineered-client#awesm=~oBxuxQC3OafIvw

http://www.cmswire.com/d/dropbox-p001128

http://en.wikipedia.org/wiki/Dropbox_(storage_provider)

So you thought you were safe on a Mac? LOL

Apple SSL Vulnerability Affects OSX Too  - ThreatPost


Being an avid Apple user, I have had to crush the dreams of several other Apple fans when it comes to the security of their beloved operating system.  I switched from using a Windows based PC to an Apple  full-time shortly after being subjected to Vista.  Though I had never owned an Apple of my own until that point, my husband and several friends have always preferred their computers over mine, boasting about how secure they were and how vulnerable I was.  No matter who would make the comment, I would let them know that they were never any more secure than I was, and in fact could be more vulnerable.

Mac's operating system was not built more secure than Window's OS, there is no magic code that Apple has implemented that has made their OS insusceptible or invisible to hackers.  Less people used Macs.  More importantly to hackers, less BIG business money makers used Macs.  If a hacker was looking to threaten a massive audience, or to steal valuable information, then the amount of time they spent searching for a vulnerability and then implementing a strategy had better be a sure bet.  And with most of the world running on the Window's OS, this is their market!  At least it was...

And it was this lack of a customer base using Apple's OS that gave users the facade that they were "safer" than their PC counterparts.

Now, the story of the century!  Oh my goodness, the impenetrable Apple OS has a security vulnerability!  I can't believe Apple would do this to US, it's beloved users!

How shocked would we be if Windows announced a security vulnerability was discovered?
Don't even get me started on the updates and patches to Windows that go almost unnoticed...almost.

Oh, COME ON!  Give me a BREAK!  Just one day before, Google released an update for Chrome to fix several high-level vulnerabilities:

Google Fixes 28 Security Flaws In Chrome 33 - ThreatPost

So a high-level security vulnerability has been discovered in Apple's OS, and we know this NOT because of any malicious attack or attempt, but because Apple has released an update to iOS to fix this issue and is creating a fix for OSX.  And to that affect, I say thanks to Apple for releasing an update before  a hacker discovered the vulnerability!

Defining Web Application Security

As web applications are becoming increasingly more complex and dynamic, so are the

malicious actions taken on them. The security of a web application or service is vital to maintain

proper function of the application, protect the users of the application, and protect the data

transferred through or stored by the web application. Every application has vulnerabilities, and

being able to detect them and protect against threats is the first step in protecting information

through web application security.


In an effort to raise awareness of threats to software, and to enhance the security of

applications, the Open Web Application Security Project (OWASP) started the OWASP Top Ten 

Project that “represents a broad consensus about what the most critical web application security

flaws are”. This project details the most common risks to applications, educating others on how

to identify security vulnerabilities and steps to prevent, or mitigate, threats to web applications

and software. As of 2013, OWASP has identified the following as the top 10 web application

security risks:

     1. Injection

     2. Broken Authentication and Session Management

     3. Cross-Site Scripting (XSS)

     4. Insecure Direct Object References

     5. Security Misconfiguration

     6. Sensitive Data Exposure

     7. Missing Function Level Access Control

     8. Cross-Site Request Forgery (CSRF)

     9. Using Components with Known Vulnerabilities

     10. Unvalidated Redirects and Forwards


This list does not include all of the risks to web applications, and not all of these risks pertain to

individual applications.


The purpose of this blog is to provide knowledge and understanding of the web application

security standards today. Follow us as we answer the questions relevant to securing

information on the world wide web:

     • What is a threat?

     • How do you detect breaks in the security of a web application/service?

     • What steps can be take to protect information?


Knowing the web application, and knowing the users, will help identify relevant risks. The most

powerful tool in securing an application is to continuously improve the security.