Scammers take advantage of Oslo with virus [ July 25th, 2011 ]

Showing that some people have no regard for human life, a scam appeared shortly after the Oslo bombing that purported to be a security camera video showing the blast. The scammers are also tricking users into sharing it with their friends.

Here is some more information from the Sophos bloggers:

Dropbox drops authentication

What a disaster for Dropbox yesterday when their authentication system broke and allowed users to use any password to log in. I am shocked that a major SaaS host would have such a major bug that would allow complete access to any of their accounts. This is a lot worse than the previous PR issue where they were promising things that they could not due to U.S. law.

This speaks to a very large issue with QA testing on new code. As one of our network admins here pointed out, it is similar to an anti-virus vendor releasing an update that detects system files as a virus, thus rendering Windows unusable. When you are that large, there is no excuse for not having sufficient testing in place. We need to expect better from the supposedly mature SaaS companies out there.

It looks like Dropbox took a page from the Google PR team, stating, “A very small number of users (much less than 1 percent) logged in during that period…” That just speaks to arrogance and an attempt to put some sort of positive spin on a big disaster. Plus, 1% of your customers is around 250,000 users.

This is also another reason to be very cautious when picking your SaaS vendors. Make sure you have a balance of security, flexibility, total cost, and recovery. If your data needs to be secure, you need to pick a vendor that matches that security.

Remember, nobody will care more about your data than you will.

June 21st, 2011
