For those of you using DropBox

[Ramy]

http://dereknewton.com/2011/04/dropbox-authentication-static-host-ids/

 

[Hall]

It appears to me that this is a bit of an exaggeration...

This means that if you gain access to a person’s config.db file (or just the host_id), you gain complete access to the person’s Dropbox...

This "config.db" file is on the user's machine so how does an attacker get it ? If they have access to the machine, who the hell cares about Dropbox's security, or lack of ?

 

[rockymtnhigh]

It appears to me that this is a bit of an exaggeration...

This "config.db" file is on the user's machine so how does an attacker get it ? If they have access to the machine, who the hell cares about Dropbox's security, or lack of ?

Agreed. I read that story and thought the same thing.

Sent from my iPad using SatelliteGuys

 

[Hall]

Agreed. I read that story and thought the same thing.

Every piece of software and every operating system can be susceptible to this same security "issue".

 

[diogen]

This type of vulnerability (if important) is addressed by two-factor authentication.
"What you have" is compromised, "what you know" isn't...

Diogen.