So, someone at Dropbox screwed the pooch yesterday and as a result data was open to the world for roughly four hours on June 19th.

You know, I constantly come back to a simple premise. If you leave all of your data with a third party service that you don’t control, there could be repercussions. That’s not to say that you should squirrel away all of your data in a mattress. Not at all. Rather it’s to point out that if you’re going to rely on a service like Dropbox you should be sure to cover your flank. Encrypt your files.

From C|Net:

Web-based storage firm Dropbox confirmed this afternoon that a programmer’s error caused a temporary security breach that allowed any password to be used to access any user account.

The San Francisco-based start-up attributed the security breach to a “code update” that “introduced a bug affecting our authentication mechanism.” Access without passwords was possible between 1:54pm PT and 5:46pm PT yesterday, the company said.

“This should never have happened,” Dropbox co-founder and CTO Arash Ferdowsi said in a blog post. “We are scrutinizing our controls and we will be implementing additional safeguards to prevent this from happening again.”

Should “never have happened”…indeed. But, it did. And this on the heels of their recent difficulties when it became apparent that there was some snake oil in the “security” of their service offering.

Some ways to protect yourself would be to encrypt your files using PGP or something similar. You could even create some secure storage on DropBox using TruCrypt for example. The long and the short of it is to trust but, verify.

Article Link

(Image used under CC from Mikey Jon Holm)

Originally posted on Liquidmatrix.org

There are times where I am amazed at what people will put forward to an unsuspecting (or in this case suspecting) public.

This company, Private Planet, headed by Dr Janko Mrsic-Flagel aspires to lead us down the primrose path.

From UK Technology Live:

“Well both are paramount,” explains Dr. Mrsic-Flagel. “One of the great differences between us and the likes of Amazon and Google is that in our model you actually OWN your own cloud computer. This is a big difference. The telecom operator will host it for you. You will be the telecom operator’s customer, but you will own that computer. The privacy issue goes away, because you own the equipment that holds your data and it is not shared with any others. Unless you want it to be.”

In a datacenter that you have no control over and…and…

I have no words.

Read on.

Article Link

(Image used under CC from purplemattfish)