Update 05/28/2014 - TrueCrypt is now defunct
Customers of cloud-based file storing-and-sharing company Dropbox should check on the data they've entrusted to the service, following the company's admission that it messed up its access controls for several hours.
As alert Twitterer Andy Durdin points out, you can readily see if someone else has changed your Dropbox files. But you can't see if someone else has been snooping through your data.
Dropbox suggests on its blog that less than 1% of accounts were accessed during the unprotected period, and that it will contact those users in case the access was unauthorised.
If your account was accessed, be sure to ask Dropbox for a detailed log of what happened so you can find out what got stolen as well as what got changed. Unauthorised access and unauthorised modification are both bad for your digital well-being.
Of course, if you've been using Dropbox to store your top secret Excel spreadsheet with all your passwords, you may be sweating it now. In truth, though, if you're using KeePassX or TrueCrypt or GPG/PGP to encrypt your top secret info, you have nothing to fear except the loss of that data.
Some tips I put into practice with my Dropbox account:
- Encrypt "private" content shared via Dropbox. This is especially true with stuff I want to share with other people but wouldn't necessarily want to share with the world. I use a variety of tools to get that job done, such as the following (listed from easiest to more complex): KeePassX for usernames/passwords, TrueCrypt.org, NCrypt, GPG, as well as combinations of those.
- Use Dropbox for items you want to share with others, so it wouldn't matter if others did access it.
- Make frequent backups of content on Dropbox OUTSIDE of the Dropbox folder on your computer(s).
There are a lot of other things you can do, but this is a list of what *I* do on a regular basis. Sort of like that old umbrella you keep stowed beneath your seat, waiting for a rainy day on the occasion you get caught without notice, I like to think of Dropbox as one of those throwaway resources...so what if you lose it?
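One way to check the first tip, as an added example that is not code from the original post: a script that walks a Dropbox folder and lists the files that do not look encrypted. The magic-byte checks, the entropy threshold and the function names are assumptions of this example, and the result is a heuristic for review rather than proof of encryption.

```python
import math
import os
from collections import Counter

# Heuristics chosen for this example (assumptions, not from the post).
KEEPASS_MAGIC = bytes.fromhex("03d9a29a")   # first 4 bytes of .kdb and .kdbx files
PGP_ARMOR = b"-----BEGIN PGP MESSAGE-----"
# First byte of a binary OpenPGP message that opens with an encrypted session
# key packet (old-format header, tag 1 or 3). New-format 0xC1/0xC3 are left
# out because 0xC3 also begins ordinary UTF-8 text such as "é".
PGP_FIRST_BYTES = {0x84, 0x85, 0x8C, 0x8D}
ENTROPY_THRESHOLD = 7.5   # bits per byte; random data approaches 8.0


def entropy(data: bytes) -> float:
    """Shannon entropy of data in bits per byte."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def classify(path: str) -> str:
    """Label a file by what its first 64 KiB looks like."""
    with open(path, "rb") as fh:
        head = fh.read(65536)
    if head.startswith(KEEPASS_MAGIC):
        return "keepass"
    if head.lstrip().startswith(PGP_ARMOR) or (head and head[0] in PGP_FIRST_BYTES):
        return "pgp"
    # TrueCrypt volumes carry no signature; they only look like random bytes.
    # Compressed files (zip, jpg) also land here, so read this as "review me".
    if entropy(head) >= ENTROPY_THRESHOLD:
        return "high-entropy"
    return "plaintext"


def audit(folder: str) -> list:
    """Return the relative paths of files that look unencrypted."""
    flagged = []
    for root, _dirs, files in os.walk(folder):
        for name in files:
            full = os.path.join(root, name)
            if classify(full) == "plaintext":
                flagged.append(os.path.relpath(full, folder))
    return sorted(flagged)
```

Call `audit()` with the path to the local Dropbox folder; anything it returns is a candidate for encrypting or moving out of the synced folder.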
Everything posted on Miguel Guhlin's blogs/wikis is his personal opinion and does not necessarily represent the views of his employer(s) or its clients.