
Dropbox’s password nightmare highlights cloud risks

By Julianne Pepitone @CNNMoneyTech

NEW YORK (CNNMoney) — It’s the security nightmare scenario: A website stuffed with sensitive documents leaves all of its customer data unprotected and exposed.

It happened this week to Dropbox, a cloud storage site used by 25 million customers to store documents, videos, photos and other files. For four hours on Sunday, a site glitch let visitors use any password to log in to customers’ accounts.

Dropbox fessed up to the mistake in a blog post on Monday. A code update gone awry introduced what the site delicately called an “authentication bug.” The error was fixed five minutes after it was discovered, but for a four-hour stretch, the site’s defenses were down.

“This should never have happened,” Dropbox wrote in its blog.

But it did — and as individuals and corporations move to storing sensitive information in online lockers, they could get burned.

“Any trust in the cloud is too much trust in the cloud — it’s as simple as that,” says Dave Aitel, president and CEO of security firm Immunity Inc. “It’s pretty much the standard among security professionals that you should put on the cloud only what you would be willing to give away.”

Like many other consumer-focused cloud services, Dropbox essentially traded some security for ease of use. The company encrypts and decrypts data on its own servers — which makes it easy for users to log in with just a password, instead of a complex encryption key. But it also leaves a lot in Dropbox’s hands.

“It’s giving them all the keys to the castle,” Aitel says. “When you’re your own hosting provider, you’re self-insured. But when you let someone else keep the encryption keys, it’s like outsourcing or offshoring. You’re giving up accountability.”

Source: http://money.cnn.com/2011/06/22/technology/dropbox_passwords/index.htm?source=cnn_bin&hpt=hp_bn3
