{"id":10719,"date":"2014-05-06T14:16:39","date_gmt":"2014-05-06T14:16:39","guid":{"rendered":"http:\/\/cloudnewsdaily.com\/?p=14975"},"modified":"2014-05-06T14:16:39","modified_gmt":"2014-05-06T14:16:39","slug":"dropbox-forced-to-kill-shared-links-due-to-security-snafu","status":"publish","type":"post","link":"https:\/\/icloud.pe\/blog\/dropbox-forced-to-kill-shared-links-due-to-security-snafu\/","title":{"rendered":"Dropbox Forced to Kill Shared Links Due to Security Snafu"},"content":{"rendered":"<\/p>\n<p>Oops! Dropbox announced it is killing existing shared links where documents include ordinary hyperlinks to websites. The problem is the plain old referrer in the header tells that website the URL the inbound link came from. That&#8217;s a standard way sites know where their non-direct traffic is coming from. In this scenario, however, the referrer is the URL of the shared dropbox document.<\/p>\n<p><span style=\"font-size: 13px;\">The symptom Dropbox users will experience? Complaints from recipients that the link they were given doesn&#8217;t work (if in doubt check the link yourself).<\/span><\/p>\n<p><span style=\"font-size: 13px;\">From the <\/span><a style=\"font-size: 13px;\" href=\"https:\/\/blog.dropbox.com\/2014\/05\/web-vulnerability-affecting-shared-links\/\">Dropbox post<\/a><span style=\"font-size: 13px;\"> on the issue:<\/span><\/p>\n<p style=\"padding-left: 30px;\"><em>While we\u2019re unaware of any abuse of this vulnerability, for your safety we\u2019ve taken the following steps to make sure this vulnerability can\u2019t be exploited:<\/em><\/p>\n<ul style=\"padding-left: 30px;\">\n<li style=\"padding-left: 30px;\"><em>For previously shared links to such documents, we\u2019ve disabled access entirely until further notice. We\u2019re working to restore links that aren\u2019t susceptible to this vulnerability over the next few days.<\/em><\/li>\n<li style=\"padding-left: 30px;\"><em>In the meantime, as a workaround, you can\u00a0re-create any shared links\u00a0that have been turned off.<\/em><\/li>\n<li style=\"padding-left: 30px;\"><em>For all shared links created going forward, we\u2019ve patched the vulnerability<\/em><\/li>\n<\/ul>\n<p>Here&#8217;s how to <a href=\"https:\/\/www.dropbox.com\/help\/5050\/en\">rebuild affected links<\/a>.<\/p>\n<div class=\"zemanta-pixie\" style=\"margin-top: 10px; height: 15px;\"><img decoding=\"async\" class=\"zemanta-pixie-img\" style=\"border: none; float: right;\" alt=\"\" src=\"http:\/\/img.zemanta.com\/pixy.gif?x-id=4e9db331-8d75-44f9-8e0b-bd69c4e70089\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/feeds.feedburner.com\/~r\/CloudNewsDaily\/~4\/m1kXf_xCPDY\" height=\"1\" width=\"1\"\/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Oops! Dropbox announced it is killing existing shared links where documents include ordinary hyperlinks to websites. The problem is the plain old referrer in the header tells that website the URL the inbound link came from. That&rsquo;s a standard way sites know where their non-direct traffic is coming from. In this scenario, however, the referrer [&#8230;]<\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[186,1749,1862,63,1863],"tags":[118],"class_list":["post-10719","post","type-post","status-publish","format-standard","hentry","category-dropbox","category-file-sharing","category-http-referer","category-storage","category-vulnerability","tag-security"],"_links":{"self":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/10719","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/comments?post=10719"}],"version-history":[{"count":0,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/10719\/revisions"}],"wp:attachment":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/media?parent=10719"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/categories?post=10719"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/tags?post=10719"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}