Dropbox under fire for security concerns

The most recent of these criticisms arose from an update to the Dropbox Terms of Service to state that if the government asks, it will hand over your files:

As set forth in our privacy policy, and in compliance with United States law, Dropbox cooperates with United States law enforcement when it receives valid legal process, which may require Dropbox to provide the contents of your private Dropbox. In these cases, Dropbox will remove Dropbox’s encryption from the files before providing them to law enforcement.

All this comes on the heels of a report last week by security engineer Derek Newton that revealed another security weakness in Dropbox. Newton reports that the machine hash (a string that uniquely identifies the computer running Dropbox to Dropbox's servers) is stored unencrypted and in a standard location on any machine with Dropbox installed. This means that if someone steals that single small file, perhaps by tricking a user into revealing it or through a malware attack, they can copy the machine hash to a computer of their own and download a copy of the entire contents of the Dropbox account in a manner that is almost undetectable to the user.

Beware the cloud?
