Dropbox Authentication Bug


Post by dandymcgee »

A few days ago Dropbox released some code on their production servers that allowed logging in to accounts without a valid password. It was live for about four hours before they noticed it and promptly took care of the situation.

The full blog post can be found here. Thoughts?
Falco Girgis wrote:It is imperative that I can broadcast my narcissistic commit strings to the Twitter! Tweet Tweet, bitches! :twisted:

Re: Dropbox Authentication Bug

Post by k1net1k »

Thoughts: not good.

But hey, at least they admitted the breaches and rectified the problem in a timely manner. Sony, I'm looking in your general direction.

Re: Dropbox Authentication Bug

Post by Aleios »

I laughed at most of the people commenting on there. They are saying encryption is a good way to protect data. Well yes, and no. Anything that has been put on a device connected to the internet is at risk of being stolen. People think that just because it's on their hard drive it's safe, which of course is a load of crap. And I find it especially funny how they all think that their data is the most important thing in the world. And using companies as the main target. Well, I'm sorry, but if a company trusts their sensitive data on someone else's servers, then it seriously deserves to be stolen. Sure, Dropbox fucked up, it happens, there is no such thing as a secure system. There is a well protected system, but nothing is secure. At least they responded, admitted fault, and most importantly, THEY FIXED THE FUCKING PROBLEM! Too many companies come out with these "fixes", which are really just obfuscation of fact to make it seem fixed. They fixed the problem, they didn't just shove it in under the stack of issues. So, a good job to them, and a smack on the heads to the idiots bitching and whining, when they most likely wouldn't be able to make the service themselves.

Re: Dropbox Authentication Bug

Post by WreckKa »

I fully agree with Aleios, nobody seems to understand that the illusion of security on the internet is one that will be compromised time and again, and it should be expected. They did a great job of accepting responsibility of the situation, and I believe they will legitimately strive to improve security measures. Things will always go wrong, and information will always be compromised; that is the beauty of the internet. If everything was safe and secure, cyberspace would be a very boring place. ;)

:EDIT:
And the fact that people were storing financial records and sensitive information in cloud storage is absolutely ridiculous. Keeping it on an un-encrypted hard drive is bad enough, but keeping it on an online service where it is at risk 24 hours a day, 7 days a week? Ridiculous. Absolutely ridiculous.

Re: Dropbox Authentication Bug

Post by dandymcgee »

Aleios wrote:At least they responded, admitted fault, and most importantly, THEY FIXED THE FUCKING PROBLEM!
Agreed.
WreckKa wrote: :EDIT:
And the fact that people were storing financial records and sensitive information in cloud storage is absolutely ridiculous. Keeping it on an un-encrypted hard drive is bad enough, but keeping it on an online service where it is at risk 24 hours a day, 7 days a week? Ridiculous. Absolutely ridiculous.
Haha, that was one of my favorite comments. :P

Re: Dropbox Authentication Bug

Post by Ginto8 »

WreckKa wrote::EDIT:
And the fact that people were storing financial records and sensitive information in cloud storage is absolutely ridiculous. Keeping it on an un-encrypted hard drive is bad enough, but keeping it on an online service where it is at risk 24 hours a day, 7 days a week? Ridiculous. Absolutely ridiculous.
The cloud is fine... if your data is securely encrypted, and the storage providers don't actually have the encryption key. For example, LastPass doesn't actually know your master password, and simply can't. Your data is encrypted with it, but it isn't stored anywhere. And aside from the recent hacking (which was handled expertly and smoothly), there has been no issue with it.

</shameless LastPass plug>
Quit procrastinating and make something awesome.
Ducky wrote:Give a man some wood, he'll be warm for the night. Put him on fire and he'll be warm for the rest of his life.
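
An added illustration of the point raised in the last post (not code from any poster, Dropbox or LastPass): when the client derives the key from a master password and encrypts before upload, a server-side login bypass exposes only salt, nonce, ciphertext and tag. The function names, the sample password and file contents, and the choice of scrypt with AES-256-GCM are assumptions made for this sketch.

```javascript
// Client-side encryption sketch (Node.js built-in crypto only).
const nodeCrypto = require('node:crypto');

// Derive a 256-bit key from the master password. Only the salt is ever
// stored; the password and key stay on the client. Cost parameters are
// Node's scrypt defaults (an assumption; tune them for real use).
function deriveKey(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32);
}

// What the client uploads: everything here is safe for the provider to hold.
function encryptForUpload(password, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const nonce = nodeCrypto.randomBytes(12); // fresh per encryption
  const cipher = nodeCrypto.createCipheriv(
    'aes-256-gcm', deriveKey(password, salt), nonce);
  const ciphertext = Buffer.concat(
    [cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { salt, nonce, ciphertext, tag: cipher.getAuthTag() };
}

// Returns the plaintext, or null when the password is wrong or the blob
// was modified in storage (the GCM tag check fails in both cases).
function decryptAfterDownload(password, blob) {
  const decipher = nodeCrypto.createDecipheriv(
    'aes-256-gcm', deriveKey(password, blob.salt), blob.nonce);
  decipher.setAuthTag(blob.tag);
  try {
    return Buffer.concat(
      [decipher.update(blob.ciphertext), decipher.final()]).toString('utf8');
  } catch (err) {
    return null;
  }
}

// Constructed sample data, for illustration only.
const samplePassword = 'correct horse battery staple';
const sampleFile = 'constructed sample: household budget 2011';
const stored = encryptForUpload(samplePassword, sampleFile);

console.log('owner reads:', decryptAfterDownload(samplePassword, stored));
console.log('bypassed login, no password:',
  decryptAfterDownload('guess', stored));
```

The protection holds only as long as the password is strong enough to resist offline guessing against the stored salt and ciphertext.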