Posted May 6, 2014

Quotes from BBC News
source: http://www.bbc.com/news/technology-27285786

People using file storage services, such as Dropbox and Box, are being warned that they are at risk of inadvertently leaking their own files. Intralinks - which is a competitor - said it found sensitive files, such as mortgage records. The problem centred on the use of the services' sharing function that generated a public link.

As a precaution, Dropbox has disabled access to links that have been previously shared. It said it had also implemented a patch to prevent shared links from being exposed from now on.

"We realise that many of your workflows depend on shared links, and we apologise for the inconvenience. We'll continue working hard to make sure your stuff is safe and keep you updated on any new developments," the company said in a blog post. "We're working to restore links that aren't susceptible to this vulnerability over the next few days."

Box has not responded to the BBC's request for a comment.

Security researcher Graham Cluley said identity thieves could use the method to "scoop up" data. "I think these services need to be more upfront with warnings," he told the BBC. However he added that the problem was not a security flaw as such, but instead an unexpected consequence of user behaviour.

Dropbox, Box and most other cloud hosting services often give users the option of creating a shareable web link for their files. It means users are able to simply send a web address - made up of a string of letters and numbers - for someone to directly download a file without needing to log in. Because of the complexity of the link, it is very difficult to guess - meaning that while the link is technically public, it is unlikely anyone would be able to access it by chance.

However, Intralinks discovered that the links were being exposed in two ways not previously considered.

Firstly, it discovered that shared links were often appearing in websites' referral data. Many websites look at referral data when analysing their traffic to get an insight into how visitors got to their site. Intralinks found that if a link to a website is included in a file shared on Dropbox, and subsequently clicked within the web viewer, the website owner would see the shared link in its referral data - and therefore be able to access the file. Dropbox said its patch has now fixed the problem.

Furthermore, the company had been running a Google advertising campaign, and had paid to have an advert for Intralinks appear in Google's search results whenever someone searched for "Dropbox" or "Box". Companies that use Google's search advertising service are sent an anonymised breakdown of what users had searched for in order to find their advertising. Intralinks found that many people would put the entire shared link into a Google search box, and therefore Intralinks would subsequently see those links in the breakdown data from Google.

While copying and pasting a download link into Google's search engine might appear to be odd behaviour, Intralinks said "a few hundred documents" were exposed to them in this way. Dropbox's patch has not addressed this particular problem, Mr Cluley said.

Intralinks' chief technology officer for Europe, Middle East and Africa Richard Anstey said: "Most internet users have, at one time or another, accidentally pasted a link into the search bar of their favourite search engine whilst intending to paste it into the internet address bar - it's an easy mistake to make.

"However, what they don't realise is that when they press enter to execute the search, the advertisement engines that drive (and fund) the search engine will distribute that link as a search term to anyone who has paid for an 'adword' that closely matches any part of that link."

Personal Thoughts

I have always only uploaded files that I would not mind being shared publicly due to the frequency of this kind of problem. However, I understand that some people do not have many other choices to go with and that it would also be difficult for them to realise that their files are publicly available.
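The referral-data exposure described in the quoted article, as an added example that is not part of the original post and is not Dropbox's actual patch (the thread does not say how it was fixed): it computes the Referer header a browser would send when a link inside a shared document's web viewer is clicked, under several Referrer-Policy values. The URLs, the token and all function names are constructed for illustration.

```javascript
// Added example: Referer a browser sends for a click from fromUrl to toUrl
// under a given Referrer-Policy (simplified from the W3C Referrer Policy spec).
function stripForReferrer(u) {
  const c = new URL(u.href);
  c.username = ""; c.password = ""; c.hash = ""; // never sent in Referer
  return c.href;
}

function computeReferer(policy, fromUrl, toUrl) {
  const from = new URL(fromUrl), to = new URL(toUrl);
  const full = stripForReferrer(from);
  const originOnly = from.origin + "/";
  const sameOrigin = from.origin === to.origin;
  // Simplification: "downgrade" here means https page -> non-https target.
  const downgrade = from.protocol === "https:" && to.protocol !== "https:";
  switch (policy) {
    case "no-referrer": return null;
    case "no-referrer-when-downgrade": return downgrade ? null : full;
    case "same-origin": return sameOrigin ? full : null;
    case "origin": return originOnly;
    case "strict-origin": return downgrade ? null : originOnly;
    case "origin-when-cross-origin": return sameOrigin ? full : originOnly;
    case "strict-origin-when-cross-origin":
      return sameOrigin ? full : (downgrade ? null : originOnly);
    case "unsafe-url": return full;
    default: throw new Error("unknown policy: " + policy);
  }
}

// True when the Referer would hand the secret link path to the destination site.
function leaksSharedLink(referer, sharedUrl) {
  if (referer === null) return false;
  const path = new URL(sharedUrl).pathname;
  return path.length > 1 && referer.includes(path);
}

// Constructed sample values (not real links).
const SHARED = "https://files.example/s/EXAMPLETOKEN0000/mortgage.pdf";
const OUTBOUND = "https://thirdparty.example/landing";

function report() {
  const policies = ["no-referrer-when-downgrade",
                    "strict-origin-when-cross-origin", "no-referrer"];
  return policies.map((policy) => {
    const referer = computeReferer(policy, SHARED, OUTBOUND);
    return { policy, referer, leaks: leaksSharedLink(referer, SHARED) };
  });
}

console.log(JSON.stringify(report(), null, 2));
```

A viewer page served with `Referrer-Policy: no-referrer`, or outbound links marked `rel="noreferrer"`, keeps the shared link out of third-party referral data; neither helps with the pasted-into-search-box exposure the article also describes.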
Posted May 6, 2014

holy wall but this is why i don't tend to trust most file transferring stuff like this, call me old but i still use a usb or portable drive. inb4 people uuuhhhh usbs can get viruses here's all the cares i give [ ]

Specs
CPU: i5 4670k i won the silicon lottery
Cooler: Corsair H100i w/ 2x Corsair SP120 quiet editions
Mobo: ASUS Z97 SABERTOOTH MARK 1
Ram: Corsair Platinums 16gb (4x4gb)
Storage: Samsung 840 evo 256gb and random hard drives
GPU: EVGA acx 2.0 gtx 980
PSU: Corsair RM 850w
Case: Fractal Arc Midi R2 windowed
Posted May 6, 2014

Well that is why I only keep non important stuff on db or encrypted stuff.

"Great minds discuss ideas; average minds discuss events; small minds discuss people."
Main rig: i7-4790 - 24GB RAM - GTX 970 - Samsung 840 240GB Evo - 2x 2TB Seagate. - 4 monitors - G710+ - G600 - Zalman Z9U3
Other devices: Oneplus One 64GB Sandstone, Surface Pro 3 - i7 - 256Gb, Surface RT
Server: SuperMicro something - Xeon e3 1220 V2 - 12GB RAM - 16TB of Seagates
Posted May 6, 2014

well this explains why it took me 10 minutes to download a 700KB file yesterday

this is one of the greatest things that has happened to me recently, and it happened on this forum, those involved have my eternal gratitude http://linustechtips.com/main/topic/198850-update-alex-got-his-moto-g2-lets-get-a-moto-g-for-alexgoeshigh-unofficial/ :')
i used to have the second best link in the world here, but it died ;_; it's a 404 now but it will always be here
Posted May 6, 2014

And this is why I don't use the cloud lol
Posted May 6, 2014

That's why I have my own cloud :-) but yea I only old picture in Dropbox
Posted May 6, 2014

Lol I only use dropbox for random shit I don't want locally.
Posted May 6, 2014

*cough* BTSync *cough*....

CPU: i7 4770k | GPU: Sapphire 290 Tri-X OC | RAM: Corsair Vengeance LP 2x8GB | MTB: GA-Z87X-UD5H | COOLER: Noctua NH-D14 | PSU: Corsair 760i | CASE: Corsair 550D | DISPLAY: BenQ XL2420TE
Firestrike scores - Graphics: 10781 Physics: 9448 Combined: 4289
"Nvidia, Fuck you" - Linus Torvalds
Posted May 6, 2014

And that is why it is always good to require at the minimum a password when sharing a file

0b10111010 10101101 11110000 00001101
Posted May 6, 2014

And this is why I don't use the cloud lol

That why I have my own cloud :-) but yea I only old picture in Dropbox

That's why I like the cloud to butt firefox extension...

Signatures are stupid.
Posted May 6, 2014

And this is why I don't use the cloud lol

That's not really fair, since it wasn't directly Dropbox's fault. It's good they put the patch in though.

I do not feel obliged to believe that the same God who has endowed us with sense, reason and intellect has intended us to forgo their use, and by some other means to give us knowledge which we can attain by them. - Galileo Galilei
Build Logs: Tophat (in progress), DNAF | Useful Links: How To: Choosing Your Storage Devices and Configuration, Case Study: RAID Tolerance to Failure, Reducing Single Points of Failure in Redundant Storage, Why Choose an SSD?, ZFS From A to Z (Eric1024), Advanced RAID: Survival Rates, Flashing LSI RAID Cards (alpenwasser), SAN and Storage Networking
Posted May 6, 2014

So Condoleezza Rice goes to town on Dropbox and not a few weeks later this happens, sure "unintentional". Now watch the totally and completely unpredictable discovery that the NSA got a hold of these files.

------- Current Rig -------
Posted May 6, 2014

The clouds are a dangerous place.

Mobo: Z97 MSI Gaming 7 / CPU: i5-4690k@4.5GHz 1.23v / GPU: EVGA GTX 1070 / RAM: 8GB DDR3 1600MHz@CL9 1.5v / PSU: Corsair CX500M / Case: NZXT 410 / Monitor: 1080p IPS Acer R240HY bidx
Posted May 6, 2014

That's not really fair, since it wasn't directly Dropbox's fault. It's good they put the patch in though.

It's not about whose fault it is, it's about the fact that this stuff happens and what if I had very sensitive info and it got leaked. (Not saying I would ever put something like that in the cloud but your average joe doesn't know the dangers and will do it, like these people's mortgage or whatever it was got leaked)
Posted May 7, 2014

So Condoleezza Rice goes to town on Dropbox and not a few weeks later this happens, sure "unintentional". Now watch the totally and completely unpredictable discovery that the NSA got a hold of these files.

well since I only use dropbox to transfer school essays from my comp to college comps. So if the NSA wants to see and proofread my English papers then by all means go ahead. But in all seriousness I am against invasion of privacy.

CPU amd phenom ii x4 965 @ 3.4Ghz | Motherboard msi 970a-g46 | RAM 2x 4GB Team Elite | GPU XFX Radeon HD 7870 DD | Case NZXT Gamma Classic | HDD 750 GB Hitachi | PSU ocz modxstream pro 600w