Dropbox confirms security glitch--no password required
Dropbox confirms security glitch--no password required | Privacy Inc. - CNET News
Well, here's the info that SomeGuy is referring to
Web-based storage firm Dropbox confirmed this afternoon that a programmer's error caused a temporary security breach that allowed any password to be used to access any user account.
The San Francisco-based start-up attributed the security breach to a "code update" that "introduced a bug affecting our authentication mechanism." Access without passwords was possible between 1:54pm PT and 5:46pm PT yesterday, the company said.
"This should never have happened," Dropbox co-founder and CTO Arash Ferdowsi said in a blog post. "We are scrutinizing our controls and we will be implementing additional safeguards to prevent this from happening again."
This afternoon's news is a significant embarrassment for Dropbox, which (despite not being located in Silicon Valley) appeared on a list of "20 Hot Silicon Valley Startups You Need To Watch," and which received a CNET Webware award in May 2009.
Dropbox had assured its users that "we use the best tools and engineering practices available to build our software, and we have smart people making sure that Dropbox remains secure."
News of the snafu began to trickle out earlier on Dropbox's discussion forums--one thread was titled "Drop box web interface was WIDE OPEN for some time yesterday"--and through Twitter in a post by privacy advocate Christopher Soghoian.
In 2008, Dropbox received $7.2 million in funding from Sequoia Capital and other investors. The company claims to have more than 25 million users of its free service.
Practice? I can use an SVN repository but I need to learn how to use Dropbox?
Dropbox is a dumbed-down version of FTP mixed with some social-networking concepts. It was made for people that don't know how to host, upload or maintain a hosting solution. That is the problem.
I guess that this works for most people, and I do agree that because it is popular, and easy to use, you can easily share stuff with almost anyone, but I still think their desktop client shouldn't default to automatically run with Windows and automatically sync your folders.
I feel the harbinger of bad news.
Dropbox can legally sell all of your files
Dropbox- Terms of Services
Ah no biggie....We sometimes need your permission to do what you ask us to do with your stuff (for example, hosting, making public, or sharing your files). By submitting your stuff to the Services, you grant us (and those we work with to provide the Services) worldwide, non-exclusive, royalty-free, sublicenseable rights to use, copy, distribute, prepare derivative works (such as translations or format conversions) of, perform, or publicly display that stuff to the extent reasonably necessary for the Service. This license is solely to enable us to technically administer, display, and operate the Services. You must ensure you have the rights you need to grant us that permission.
The mention of "to the extent reasonably necessary for the Service." is what could get them into legal trouble if they sold your stuff. Because that is not part of their service, unless in the TOS they define it as "using your data for research and marketing with third parties".
It depends on whose reason it is. Just like "lifetime guarantee" often doesn't specify whose lifespan we're talking about - yours or the company's.
"I just remembered something that happened a long time ago."
Dropbox is good for things like sharing docs with people but not for 'secret' stuff, I think, with the security troubles they have. I still like it though and use it a lot for schoolwork.
He's right though. There are settings so you don't download everything but only what you wanted. In case of such big things that you do want, there is also the option to transfer through LAN rather than internet. You can turn off automatic start up, automatic sync and what not. All your arguments seem to come down to you not turning on/off the right settings.
You might also want to note that setting up your own hosting is not allowed by a lot of providers (including mine), so that's not an option for a lot of people. Them being too dumb or not doesn't even matter. I personally wouldn't even want to set up something of that level for something as simple as a small backup.
I think you should also think things through a bit. You shouldn't be throwing secure files on the internet in the first place, no matter how secure the place is, imho. Dropbox is an awesome system to sync several PCs without having to have access to a local network, having to set up a personal VPN, ... It's meant to back up some stuff for school, some pictures you like or whatever. Not way too personal information you don't want anyone to see. The biggest reason for me to use it, though, is that I always have a local copy of everything, no matter where I am. Setting up your own hosting won't do you much good if you're somewhere without internet. If I'm visiting a friend, they also wouldn't appreciate it if I used up a big chunk of their bandwidth to get some files out of my storage.
Last edited by Sazzy; 06.07.11 at 21:21.
So, there is this client I have, he uses Dropbox. He uploaded a build of one of its products for me to test. I go there, select the whole folder of the build and download.
I overwrite all the files in my computer. An hour later, I am trying to get a new feature to work, but I can't. So I contact him and explain that the new feature just won't work. After a few words he says "It can't be, I committed all the files today"... so I check Dropbox... and all the files there have the current date (they read "X hours ago")... then I check the ZIP I downloaded... it was created today, cool... so I open it... the files are a month old... Thank you Dropbox
Well to remove any confusion, they changed the TOS altogether...
The Dropbox Blog » Blog Archive » What
…By using our Services you provide us with information, files, and folders that you submit to Dropbox (together, “your stuff”). You retain full ownership to your stuff. We don’t claim any ownership to any of it. These Terms do not grant us any rights to your stuff or intellectual property except for the limited rights that are needed to run the Services, as explained below.
We may need your permission to do things you ask us to do with your stuff, for example, hosting your files, or sharing them at your direction. This includes product features visible to you, for example, image thumbnails or document previews. It also includes design choices we make to technically administer our Services, for example, how we redundantly backup data to keep it safe. You give us the permissions we need to do those things solely to provide the Services. This permission also extends to trusted third parties we work with to provide the Services, for example Amazon, which provides our storage space (again, only to provide the Services).
To be clear, aside from the rare exceptions we identify in our Privacy Policy, no matter how the Services change, we won’t share your content with others, including law enforcement, for any purpose unless you direct us to. How we collect and use your information generally is also explained in our Privacy Policy…
Yeah the TOS was crap till some time ago. But it's ok now!
Anyway if you wanna increase your space visit:
https://www.dropbox.com/free
and also remember that if you have a .edu mail you can get double the referral (500MB)
https://www.dropbox.com/edu
As alternatives:
1. Sugarsync gives you 5GB to start with:
https://www.sugarsync.com/
2. Spideroak (2GB) gives you enhanced security
https://spideroak.com/
3. Box.net (5GB) 25Mb file size limit
Box.net | Online file sharing, content management, collaboration
4. Wuala like some of you mentioned
5. There are others out there, but these are some of the best