Scammers take advantage of Oslo with virus [ July 25th, 2011 ] Posted in » Virus

To show that some people have no regard for human life, shortly after the Oslo bombing a scam appeared that presented itself as security camera footage showing the blast. The scammers are also tricking users into sharing it with their friends.

Here is some more information by the Sophos bloggers:

Dropbox issue not about encryption

I’ve been reading a lot of blogs and stories related to the Dropbox security issue and am surprised at the amount of energy being spent on a different topic: file encryption.

A post at Wired stated:

The bug was made possible because of the security architecture choice that Dropbox made, where encryption and decryption happen on Dropbox’s servers, rather than on individual’s computers.

Wuala’s blog states:

…problems like these wouldn’t be possible if the files were encrypted already on the client, like Wuala does.

The issue is not encryption, the issue is poor programming and even worse QA.

It is more likely that your computer is infected by spyware with a built-in keylogger than that your SaaS host gets hacked. Yes, if the SaaS storage host is hacked or breaks its authentication, it is a major, widespread issue. However, if your computer is hacked (again, more common), even that precious client-side security is broken.

Something else to think about: if you rely solely on client-side encryption, you will lose some great benefits such as web-based access to files in the cloud, device sync (phones/tablets), collaboration, integration with a business network (Active Directory), etc.

Don’t get confused about the main issue that Dropbox had. The issue with Dropbox was a lack of mature protections on code updates.

June 21st, 2011