[Info-vax] Cloud Security - 68M accounts hacked on Dropbox

Paul Sture nospam at sture.ch
Sat Sep 3 04:22:47 EDT 2016


On 2016-09-02, MG <marcogbNO at SPAMxs4all.nl> wrote:
> On 1-Sep-2016 at 22:00, Kerry Main wrote:
>> As a follow-on note to this - 68M account passwords hacked on Dropbox.
>> https://www.theguardian.com/technology/2016/aug/31/dropbox-hack-passwords-68m-data-breach
>> https://blogs.dropbox.com/dropbox/2016/08/resetting-passwords-to-keep-your-files-safe/
>>
>> While security is always a concern, the big issue with public cloud
>> offerings is loss of control over security policy.  Some companies
>> even have a policy that states storing any company information on
>> Dropbox or other similar Internet file sharing offerings is
>> potentially a company termination offense.
>
> For this reason I never wanted to use anything from "the Cloud"
> or "Cloud-based".  (Hasn't anyone also learned anything from
> the iCloud debacle?)

But if you point it out, many will try to shout you down.

Here's another gem for you:

<http://www.zdnet.com/article/google-wont-fix-login-page-flaw-can-lead-to-malware-download/>

----
    Google has said it will not fix a potential security flaw that could
    trick a user into downloading malware from its login window.  But
    Google said that the redirect page has to fall within "*google.com"
    domains, limiting its impact.

    The problem, said Woods, is that malware hosted on
    "drive.google.com" or "docs.google.com" which fall within the Google
    subdomain parameters could still be used to serve up malware, and
    hide it as a genuine Google login page.
----

The above article comes to you courtesy of Risks Digest, a good read but
sometimes quite depressing.

Yesterday's issue:

<http://catless.ncl.ac.uk/Risks/29.74>

Risks Digest is also published on the comp.risks newsgroup.

-- 
It was untidy, so got unplugged.
It was unplugged, so got thrown away.
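
The redirect restriction described in the quoted ZDNet excerpt, set beside an exact-host allow-list, as an added example that is not part of the message above and is not Google's code. The `accounts.google.com` allow-list entry, the sample URLs and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Wildcard policy from the quoted excerpt: any host within google.com.
WILDCARD_SUFFIX = ".google.com"

# Assumed exact-host allow-list: hosts that serve no user-uploaded content.
EXACT_HOSTS = frozenset({"accounts.google.com"})


def redirect_host(url):
    """Return the lower-cased host of an https URL, or None if unusable."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    if parts.scheme != "https" or not parts.hostname:
        return None
    return parts.hostname.rstrip(".")


def wildcard_allows(url):
    """Accept any subdomain of google.com (matched on a dot boundary)."""
    host = redirect_host(url)
    return host is not None and (
        host == "google.com" or host.endswith(WILDCARD_SUFFIX)
    )


def exact_allows(url):
    """Accept only hosts that are listed by their full name."""
    return redirect_host(url) in EXACT_HOSTS


def policy_gap(urls):
    """Redirect targets the wildcard accepts but the exact list rejects."""
    return [u for u in urls if wildcard_allows(u) and not exact_allows(u)]


# Constructed sample redirect targets (for example, taken from a review of
# logged post-login redirect parameters).
SAMPLE_TARGETS = [
    "https://accounts.google.com/signin/done",
    "https://drive.google.com/uc?id=CONSTRUCTED",
    "https://docs.google.com/document/d/CONSTRUCTED",
    "https://google.com.unrelated.example/",
    "http://accounts.google.com/",
]

if __name__ == "__main__":
    for target in policy_gap(SAMPLE_TARGETS):
        print("wildcard-only:", target)
```

Running `policy_gap` over recorded redirect targets lists the ones whose acceptance depends solely on the wildcard, which are the content-hosting subdomains the excerpt names.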


