Update: researcher Graham Cluley tells us "Dropbox says it has fixed one of the issues, but not the one which actually resulted in Income Tax returns and mortgage applications falling into unauthorised hands. Oh, and according to Cluley, Box users are affected as well. We’ll continue working hard to make sure your stuff is safe and keep you updated on any new developments,” Dropbox concludes. “We realize that many of your workflows depend on shared links, and we apologize for the inconvenience. According to the company, using those access controls made it impossible for data to be breached. Business users have the option to restrict shared link access to people in the Dropbox for Business team. Users can re-create any shared links that have been turned off, and any links created starting now are free of this vulnerability. If you’ve engaged in such practices, Dropbox says it has made the links inoperable starting May 5, in order to protect your data. However, shared links to documents can be inadvertently disclosed to unintended recipients,” Dropbox warns.Ī particular set of factors and situations must converge to make it all possible, but it’s nevertheless very easy to get there. “Files shared via links are only accessible to people who have the link. “Dropbox users can share links to any file or folder in their Dropbox,” the cloud company continues. This is standard practice implemented across all browsers.” The referer header was designed to enable websites to better understand traffic sources.
“For background, whenever you click on a link in any browser, the site you’re going to learns where you came from by something called a referer header.
The cloud company begins to explain how linking to Dropbox files can lead to those particular files getting leaked on the web because of the referrer header, or HTTP referrer, which identifies the address of the web page that linked to the resource being requested, allowing the new web page to see where the request originated. “We’ve taken steps to address this issue and you don’t need to take any further action.” “We wanted to let you know about a web vulnerability that impacted shared links to files containing hyperlinks,” the Dropbox post begins. Some of your previously-shared links may no longer be functional as of now, just so you know. In a nutshell, the leak is real and happening, and Dropbox is already taking radical steps to address the situation. Regular users are better off reading what Dropbox has to say on its blog. That’s the key takeaway from an alarming post by security specialist Graham Cluley, who confirmed with Dropbox that they have a serious data leak problem.Ĭluley’s post is insightful, as always, but it’s written in the language of techies. Limit your Dropbox link sharing for a while, as apparently your stuff can turn up on Google.
0 kommentar(er)
