Hi Adam,
Thanks for asking about this. While at first blush this sounds serious, we don’t agree with the assertion that there is a security flaw – Dropbox is a perfectly safe place to store sensitive data.
The article claims that an attacker would be able to gain access to a user’s Dropbox account if they are able to get physical access to the user’s computer. In reality, at the point an attacker has physical access to a computer, the security battle is already lost.
The research claims Dropbox is insecure because it is possible to copy authentication information straight from the user’s hard drive. This ‘flaw’ exists with any service that uses file-based authentication. Practically every web service uses “cookies” that are stored on your hard drive and are susceptible to all the same attacks mentioned by the research. The same user who has access to your Dropbox file also could steal your browser cookies and gain access to all your web services such as email and banking.
A simple metaphor: You keep a set of keys to your car inside your house, but don’t lock the front door to the house. If someone enters into your house they can get your keys and get into your car. Your car’s lock is not faulty but the thief is already inside your house and can take everything, including your car.
The same goes for your computer (the house). Keep it secure and your keys to Dropbox (the car) will be safe.
You should also read this blog from Computer World’s security expert for an outside perspective:
http://blogs.computerworlduk.com/unscrewing-security/2011/04/practical-dropbox-security-advice/index.htm
All that said, Dropbox has a reputation for being secure and we want all our users to feel comfortable storing anything in Dropbox. There are measures that can be taken to make it more difficult (though not impossible) to gain access to the authentication cookie which we’ll consider in the future. We still want to maintain the ease of use of Dropbox as well and don’t want you to need a new set of car keys every time you park your car.
If you still have any concerns then please let us know.
Best regards,
Marshall
—————————————-
I understand the “if they have access to your machine, you’re screwed” but I don’t think it’s safe to where someone could grab a string of text in a matter of seconds from sitting in front of the machine, and then they could remotely capture everything without you knowing about it. There should be steps to more accurately identify that there is a new machine connecting to the servers. Even an IP whitelist would be nice. Anything not already added would need to reauthenticate. Would be pretty easy to implement.
As for the cookies argument, yes, for basic things you’d be screwed, but banks and more important sites have countermeasures in place because that attack exists. And the metaphor doesn’t work. If someone stole my keys, I would know about it pretty quickly, also, I’d hear my garage door open, the car start, and I could track it with GPS.
This is more like, I have a party at my house, so there’s obviously going to be people over, and on the kitchen table next to the beer is a box of 1000 keys, all copies to the same safe that’s just sitting in the middle of a park. And in this safe are all my important documents. If someone took a key, I wouldn’t know about it. And everyone has direct access to that safe without myself or anyone else even knowing about it. This is why we have limited keys, we keep them safe and not out in the open, and we put our safes in places like banks where there are additional layers of security to get to it (more than just the key). The “cookie” metaphor would be that after visiting the teller (IP), they know it’s me and don’t ask for my ID, but if I get a different teller, they’ll ask for my ID before letting me to the safe.
phew… that was a little long, but I hope you see the point here.
Thanks!
.: Adam
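How the “new machine must reauthenticate” check suggested in the reply above could look on the server side, as an added Python example that is not Dropbox code and not part of the original exchange: a stored token copied to another machine is recognised, but it is only honoured from a source the account has already approved; anything else gets a “reauth” answer instead of silent access. The TokenStore class, the use of an IP address as the source identifier and the sample addresses are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Assumed data model (not Dropbox's): one record per issued token.
@dataclass
class Session:
    user: str
    token_hash: str                                  # only a keyed hash of the token is stored
    allowed_sources: set = field(default_factory=set)  # IPs / device ids already approved

class TokenStore:
    def __init__(self, secret: bytes):
        self.secret = secret
        self.sessions = {}

    def _h(self, token: str) -> str:
        # Keyed hash so a leaked server table does not leak usable tokens.
        return hmac.new(self.secret, token.encode(), hashlib.sha256).hexdigest()

    def issue(self, user: str, source: str) -> str:
        """After a full login: mint a token bound to the source that logged in."""
        token = secrets.token_urlsafe(32)
        self.sessions[self._h(token)] = Session(user, self._h(token), {source})
        return token

    def check(self, token: str, source: str) -> str:
        """'ok' (known token, known source), 'reauth' (known token, new source) or 'invalid'."""
        s = self.sessions.get(self._h(token))
        if s is None:
            return "invalid"
        if source not in s.allowed_sources:
            return "reauth"  # token replayed from a machine never seen before: ask for a login
        return "ok"

    def approve_source(self, token: str, source: str) -> None:
        """Only after the user re-authenticates (password/2FA) from the new source."""
        self.sessions[self._h(token)].allowed_sources.add(source)

def demo():
    store = TokenStore(b"server-side-secret")           # constructed sample secret
    tok = store.issue("adam", "203.0.113.5")             # constructed sample address
    first = store.check(tok, "203.0.113.5")              # original machine
    copied = store.check(tok, "198.51.100.9")            # same token, copied elsewhere
    store.approve_source(tok, "198.51.100.9")            # user logged in again from there
    after = store.check(tok, "198.51.100.9")
    return first, copied, after
```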