Dropbox Security Compromised

[lutzee]

So an Software Security researcher has released details on how the dropbox client is liable to code injection that can lead to bypassing SSL encryption on the client and being able to hijack accounts.

 

The Dropbox client is programmed in python and then obfuscated and compiled into python byte-code. And like every other compiled byte-code programming languages, with the right tools can be de-compiled and de-obfuscated to gain access to the code.

 

With this coming to light, what are peoples opinions on closed source programs that you use that have accounts associated with them, and do you feel confident that they are secure to the highest of standards, or would you actively look for an opensource alternative?

 

Source of the dropbox stuff: https://www.usenix.org/system/files/conference/woot13/woot13-kholia.pdf

 

 

[Joshua]

Oh god, now someone can see my history assessment from 5 months back and 2 fallout screenshots :'(

[lutzee]

Oh god, now someone can see my history assessment from 5 months back and 2 fallout screenshots :'(

Some people actually use these systems for convenience too. I was using it for a quick nasty source management between PCs before I submitted to my remote git. I'll be writing my own private system unless dropbox fixes things..