Dropbox fessed up to the mistake in a blog post on Monday. A code update gone awry introduced what the site delicately called an "authentication bug." The error was fixed five minutes after it was discovered, but for a four-hour stretch, the site's defenses were down.

"This should never have happened," Dropbox wrote in its blog.

But it did - and as individuals and corporations move to storing sensitive information in online lockers, they could get burned.

"Any trust in the cloud is too much trust in the cloud - it's as simple as that," says Dave Aitel, president and CEO of security firm Immunity Inc. "It's pretty much the standard among security professionals that you should put on the cloud only what you would be willing to give away."

Like many other consumer-focused cloud services, Dropbox essentially traded some security for ease of use. The company encrypts and decrypts data on its own servers - which makes it easy for users to log in with just a password, instead of a complex encryption key. But it also leaves a lot in Dropbox's hands.

"It's giving them all the keys to the castle," Aitel says. "When you're your own hosting provider, you're self-insured. But when you let someone else keep the encryption keys, it's like outsourcing or offshoring."