Dropbox phishing: someone is interested in your corporate files

I wrote before about the Target Malware. Now I can also write about phishing. Here is one for Dropbox:

What is wrong with this email?

- They address me by extracting the user part of the email address (smustaca).
- The “Verify your email” link goes directly to a phishing website.
- The text is rather unusual, as Dropbox will never send anything like this.
- Dropbox adds some personalized links at the end of its emails.
- Emails from Dropbox come from “Dropboxmail.com” and not from “dropbox.com”.

Why would anyone phish Dropbox? In order to get your files!

Why would anyone want to get your files? In order to have something possibly secret or interesting, to gain a competitive advantage, or to blackmail you.

What can you do? Don’t click on those emails. Look carefully at the links, and if you clicked, check that the website is legitimate. When you visit Dropbox.com, you must check the seal (the small lock) by clicking on it:

Dropbox was breached in 2012, the data is now online – a quote in SecurityWeek

68 Million Exposed in Old Dropbox Hack
By Ionut Arghire on August 31, 2016

In an email response to a SecurityWeek inquiry, IT security expert Sorin Mustaca said that the surprising fact is that the 2012 hack of Dropbox didn’t emerge earlier, along with the other mega-breaches. He also notes that the use of the SHA1 hashing algorithm with salting improves the security of these passwords.

“Fortunately, Dropbox was using the SHA 1 hashing algorithm (today this is not considered “strong” anymore) and it was using salting even in 2012 – an operation that many other services don’t do even today. Many are using legacy systems which make use of MD5 without hashing – I guess that the ‘never change a running system’ is still applied literally in many websites,” Mustaca said.

To stay protected, he says, users should create unique passwords for each of the services they use, never reuse passwords, and enable two-factor authentication wherever it is available. Service providers should never store passwords in plain text or encrypted, but should use a strong hashing function with a solid salt.

For consumers:
– Create a unique password for each service you use. Read my free eBook in…
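The advice to service providers above, as an added example that is not part of the quoted article: it contrasts unsalted MD5 with a salted, slow hash. PBKDF2-HMAC-SHA256 stands in for the "strong hashing function" (the page itself only names SHA1 and MD5); the iteration count, function names and sample accounts are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumption: work factor chosen for this example

def md5_unsalted(password):
    """Legacy scheme: fast, and identical for identical passwords."""
    return hashlib.md5(password.encode()).hexdigest()

def hash_password(password, salt=None):
    """Return (salt, digest); a fresh 16-byte random salt per new record."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_password(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)

def shared_hash_groups(table):
    """Users whose stored value is identical, which a leaked table shows at a glance."""
    groups = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def build_tables(users):
    """Store the same accounts under both schemes for comparison."""
    legacy = {u: md5_unsalted(p) for u, p in users.items()}
    salted = {u: hash_password(p) for u, p in users.items()}
    return legacy, salted

# Constructed sample accounts: two hypothetical users reuse one password.
SAMPLE_USERS = {"alice": "correct horse", "bob": "correct horse", "carol": "tr0ub4dor"}

if __name__ == "__main__":
    legacy, salted = build_tables(SAMPLE_USERS)
    print("unsalted MD5, users sharing a hash:", shared_hash_groups(legacy))
    print("salted PBKDF2, users sharing a hash:", shared_hash_groups(salted))
    salt, digest = salted["alice"]
    print("login check:", verify_password("correct horse", salt, digest))
```

With salting, one cracked record no longer reveals every account that reused the same password, and precomputed hash tables stop being useful.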


Dropbox hacked?

You have probably read on news portals that Dropbox was hacked and that some user accounts were compromised. Here is the alleged list of leaked user information. Dropbox is saying that the data is not valid.

Apparently, Dropbox was not hacked. The company is clearly stating this on their blog:

Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens. Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommend enabling 2 step verification on your account.

I can only confirm and support this suggestion. The free eBook “Improve your security” explains how to enable two-factor authentication for several services, including Dropbox and Google Mail.


How to exhaust the space on any online backup system

Check the other article I wrote about Dropbox. While playing with mklink, I made the mistake of trying something new:

    mklink /D S t:\S

Remember that the Dropbox folder was located in T:\S. So, basically, I created a circular reference… and this is what happened:

This is what was transferred by the time I stopped the Dropbox program, after receiving errors that I had run out of space:

Apparently, Dropbox doesn’t have any kind of loop detection. I will let them know that…
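The loop detection that was missing here, sketched as an added example (not Dropbox's code and not from the original post): a scanner that follows directory links but refuses to re-enter a directory that is already one of its own ancestors. The function names and the sample tree are constructed, and it assumes the platform reports a stable (device, inode) identity for directories and allows creating symlinks.

```python
import os
import tempfile

def scan_tree(path, ancestors=frozenset(), files=None, loops=None):
    """Collect files under path, following directory links but refusing to
    re-enter a directory that is already one of its own ancestors."""
    files = [] if files is None else files
    loops = [] if loops is None else loops
    st = os.stat(path)                 # follows links: identity of the target
    key = (st.st_dev, st.st_ino)
    if key in ancestors:
        loops.append(path)             # circular reference: report, do not descend
        return files, loops
    with os.scandir(path) as it:
        entries = sorted(it, key=lambda e: e.name)
    for entry in entries:
        if entry.is_dir():             # also True for links to directories
            scan_tree(entry.path, ancestors | {key}, files, loops)
        elif entry.is_file():
            files.append(entry.path)
    return files, loops

def naive_file_count(root):
    """What a loop-unaware walker sees: the same file once per nesting level,
    until the OS gives up resolving the path."""
    return sum(len(names) for _, _, names in os.walk(root, followlinks=True))

def build_demo_tree(base):
    """Constructed sample: sync folder S with one file and a link S -> itself."""
    root = os.path.join(base, "S")
    os.mkdir(root)
    with open(os.path.join(root, "notes.txt"), "w") as fh:
        fh.write("constructed sample file\n")
    os.symlink(root, os.path.join(root, "S"), target_is_directory=True)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        root = build_demo_tree(base)
        files, loops = scan_tree(root)
        print("files to upload:", files)
        print("circular links skipped:", loops)
        print("entries a naive walker would queue:", naive_file_count(root))
```

Checking only against ancestors means two separate links to the same folder are both still scanned; only a link that points back up its own path is treated as a loop.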


Dropbox: How to backup other folders than the default Dropbox

I recently tested a couple of online backup solutions, and one of them was Dropbox. If you know the system, you also know that Dropbox requires the user to choose a folder which will be synchronized to the cloud. That folder is called “Dropbox” and can’t be changed.

I wanted to back up a couple of folders which I have on my Truecrypt partition, but I didn’t want to move them into the Dropbox folder in order to have them synchronized with the cloud. For that, I created symlinks with the “mklink” command:

    cd t:\S\Dropbox
    mklink /D name directory_source

My Truecrypt partition is called T, and in it are the folder S together with the folders P and N, which I wanted to back up. I added the symlinks to P and N in the folder S.

    mklink /D P t:\P
    mklink /D N t:\N

Dropbox sensed that immediately and started to synchronize. So far so good…

There is a catch: if you sync another computer with the same Dropbox account, you will have the problem that the folders N and P appear to be in folder S. You can change this by selecting what to synchronize in Dropbox.


About Cloud Computing in Darkreading.com

When Consumers Go To The Cloud, Businesses Should Watch Out

Companies should take a look at what cloud services their employees are using following last week’s authentication bug at Dropbox

Dropbox encrypts data on the servers, but not to individual accounts, notes Sorin Mustaca, a product manager with security firm Avira. Anyone with admin access to the server can read all of its data. In addition, data on the servers of external services have lesser legal protections, Mustaca says.

“I always advise our users to be very, very careful what they put online because if they put anything online, then the data does not belong to them anymore — it belongs to the cloud,” Mustaca says. “This is the most important lesson that needs to be learned by anybody. If you put it online, you lose control of the data.”
