
Ether 02-06-2011 09:25

Dropbox security
 
FWIW, article about Dropbox security:
http://windowssecrets.com/newsletter...-alternatives/



tim-tim 02-06-2011 10:13

Re: Dropbox security
 
Thanks for the info.

Good thing I only keep college work on there.

JesseK 02-06-2011 10:13

Re: Dropbox security
 
Quote:

Originally Posted by Woody Leonhard
He argues with some authority that Dropbox has an unfair advantage over competing cloud file-sharing services by maintaining its own keys (which allows its programs and employees access to your data).

I don't understand how this is an unfair advantage? Is the claim that dropbox security is sub-par simply because employees have a process to go through in order to access the file contents?

Using COTS cloud services, especially free services, to store sensitive proprietary information for a company has been a known no-no in the IT industry since the word "cloud" was even coined. For anything sensitive, the best philosophy isn't centered around if something gets hacked, but rather a matter of when it will become hacked (hi Sony!). Sure, we lose agility by the inability to automatically sync files, or have files available anywhere -- but the tradeoff is well worth it for trade secrets.

For the really paranoid, there's also the good-ol' trusty IronKey USB sticks. 4GB of 256-bit AES on a key chain FTW.

Ether 02-06-2011 10:42

Re: Dropbox security
 
Quote:

Originally Posted by JesseK (Post 1064506)
I don't understand how this is an unfair advantage?

Because if they can un-encrypt your data, they can "deduplicate" files and use delta storage for large files, which takes less storage. He mentioned that in the article.


Quote:

Originally Posted by JesseK (Post 1064506)
Is the claim that dropbox security is sub-par simply because employees have a process to go through in order to access the file contents?

Yes. He mentioned other companies in the article which have no access to decryption.


Please note: I am neither agreeing nor disagreeing with the above, simply explaining what I think he meant.
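The deduplication point discussed above, as an added example that is not part of the original posts: a store that can see plaintext keeps one copy of a file uploaded by several users, while a store that only receives ciphertext made with per-user keys must keep every copy. `DedupStore`, the upload functions and the sample file are hypothetical, the SHAKE-256 keystream is a standard-library stand-in for a real cipher such as AES, and delta storage is not modeled.

```python
import hashlib
import os

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in stream cipher (SHAKE-256 keystream) so the example runs on the
    # standard library alone; a real client would use a vetted AEAD (AES-GCM).
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

class DedupStore:
    """Hypothetical server: keeps one copy per distinct blob it receives."""
    def __init__(self):
        self.blobs = {}

    def put(self, blob: bytes) -> str:
        digest = hashlib.sha256(blob).hexdigest()
        self.blobs.setdefault(digest, blob)   # identical bytes stored once
        return digest

    def bytes_stored(self) -> int:
        return sum(len(b) for b in self.blobs.values())

def upload_provider_keyed(store: DedupStore, plaintext: bytes) -> str:
    # Provider holds the keys: the server sees plaintext, so it can
    # deduplicate first and encrypt at rest afterwards with its own key.
    return store.put(plaintext)

def upload_client_keyed(store: DedupStore, plaintext: bytes, user_key: bytes) -> str:
    # Key never leaves the client: the server only sees nonce + ciphertext.
    nonce = os.urandom(16)
    return store.put(nonce + keystream_xor(user_key, nonce, plaintext))

def compare(n_users: int = 3):
    # Constructed sample: the same file uploaded by every user.
    shared = b"constructed sample file shared by several users\n" * 100
    provider, client_side = DedupStore(), DedupStore()
    for _ in range(n_users):
        upload_provider_keyed(provider, shared)
        upload_client_keyed(client_side, shared, os.urandom(32))
    return len(shared), provider.bytes_stored(), client_side.bytes_stored()

if __name__ == "__main__":
    size, with_provider_keys, with_client_keys = compare()
    print(f"file size:          {size}")
    print(f"provider-held keys: {with_provider_keys} bytes stored")
    print(f"client-held keys:   {with_client_keys} bytes stored")
```

The storage saving in the first case exists only because the server can read the file, which is the trade-off the thread is arguing about.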



JesseK 02-06-2011 10:59

Re: Dropbox security
 
Quote:

Originally Posted by Ether (Post 1064509)
Because if they can un-encrypt your data, they can "deduplicate" files and use delta storage for large files, which takes less storage. He mentioned that in the article.

Yes. He mentioned other companies in the article which have no access to decryption.

Please note: I am neither agreeing nor disagreeing with the above, simply explaining what I think he meant.

Gotcha. Interestingly, I'd never heard of Dropbox until I went back to school, and hadn't heard of any of the other sync services until this article.

TANSTAAFL indeed.

sanddrag 02-06-2011 14:03

Re: Dropbox security
 
Is there something exactly like dropbox but where you run the server on your own machine somewhere?

Ether 02-06-2011 14:18

Re: Dropbox security
 
Quote:

Originally Posted by sanddrag (Post 1064529)
Is there something exactly like dropbox but where you run the server on your own machine somewhere?

In the article the author mentions alternatives to Dropbox. All of them are client applications I think, but at least one of them generates the passwords and encryption locally so that the server has no access to the content of your files.

If you want to run an Apache server on your own machine you could certainly store files there and completely control access to them. I know that's not "like Dropbox", but it would give you access to your files from any internet-connected device.




Alan Anderson 02-06-2011 16:17

Re: Dropbox security
 
Quote:

Originally Posted by sanddrag (Post 1064529)
Is there something exactly like dropbox but where you run the server on your own machine somewhere?

SparkleShare is supposed to do what you're asking. It doesn't look quite ready for regular use yet, though. There's also iFolder, which seems more complete.

Hugh Meyer 02-06-2011 16:42

Re: Dropbox security
 
Quote:

Originally Posted by sanddrag (Post 1064529)
Is there something exactly like dropbox but where you run the server on your own machine somewhere?

Funambol is one that I have been looking at. It has several sync clients that work with several different types of devices.

http://www.funambol.com/

I use Subversion; it is not "exactly like dropbox", but it is a great way to keep files in sync across many computers.

http://subversion.apache.org/

-Hugh

Stuart 04-06-2011 22:40

Re: Dropbox security
 
1745 still uses Dropbox for its stuff, but all of our financials are now in a TrueCrypt container.

I found the whole thing stinks. The way they presented it to people is that they encrypted/decrypted it locally, then only stored the hash (without the password) like LastPass. But really the only thing keeping your files safe is a company policy (and disgruntled/blackmailed/hacked employees always follow policy).

As far as alts (if you don't want to pre-encrypt), Steve Gibson (from Security Now / GRC.com) uses Jungle Disk for all his stuff, and if it's good enough for Steve it should be good enough for us.

