We previously reported on a Dropbox Security Snafu (and their correction for it). Now we’re learning more about how it came about, and how it was discovered.
There are several ways users can inadvertently leak confidential files, but the real head-scratcher is this one: a user enters the URL of a Dropbox or Box file-sharing link in their browser’s “search box” rather than the “URL box”, while competitors run Google AdWords campaigns so that their ads appear when people “search” for Dropbox or Box (pretty standard stuff).
The sites running such a campaign then — completely innocently — see what users are searching for, and what they are “searching for” turns out to be fully-clickable URLs to files that often contain sensitive personal or company data.
If you think that’s too rare a scenario to worry about, think again:
In one short and entirely innocently designed ad campaign alone, we found that about 5 per cent of hits represented full links to shared files, half of which required no password to download. This amounted to over 300 documents from a small campaign, including several tax returns, a mortgage application, bank information and personal photos. In one case, corporate information including a business plan was uncovered.
That’s from Richard Anstey of Intralink, the people who stumbled on the issue.
Look at this to see (redacted) images of one person’s tax return, and another’s mortgage application. Identity theft, anyone?
Read more about how Intralink discovered all this, along with some good advice on protecting yourself.
TL;DR: sensitive file? Use a sharing application that offers a password or PIN option.
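As an added example (not from the original post or from Intralink), here is one way an advertiser on the receiving end of such search terms could scrub share links before a report is stored, so that working links to other people's files are not retained. The host list, the row layout and the sample rows are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts whose links should never be kept in analytics data.
SHARE_HOSTS = ("dropbox.com", "box.com")
# A whitespace-delimited token that looks like a URL with a path; scheme optional.
URL_TOKEN = re.compile(r"(?:https?://)?[A-Za-z0-9.-]+\.[A-Za-z]{2,}(?::\d+)?/\S*", re.I)

def _is_share_host(host):
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in SHARE_HOSTS)

def redact_share_links(term):
    """Return (scrubbed_term, n_redacted); path, query and fragment are dropped."""
    count = 0

    def _sub(match):
        nonlocal count
        token = match.group(0)
        # urlsplit only finds a hostname when a scheme or leading // is present.
        url = token if "://" in token else "//" + token
        host = urlsplit(url).hostname or ""
        if not _is_share_host(host):
            return token  # lookalike or unrelated host: leave untouched
        count += 1
        return f"[redacted share link: {host.lower()}]"

    return URL_TOKEN.sub(_sub, term), count

def scrub_report(rows):
    """Scrub every search term in a report; return (clean_rows, rows_affected)."""
    clean, affected = [], 0
    for row in rows:
        term, n = redact_share_links(row["search_term"])
        affected += bool(n)
        clean.append({**row, "search_term": term})
    return clean, affected

# Constructed sample rows, not real search terms or real links.
SAMPLE_REPORT = [
    {"search_term": "dropbox alternative for teams", "clicks": 3},
    {"search_term": "https://www.dropbox.com/s/EXAMPLETOKEN/tax-return.pdf", "clicks": 1},
    {"search_term": "app.box.com/s/EXAMPLETOKEN", "clicks": 1},
    {"search_term": "notdropbox.com/s/EXAMPLETOKEN", "clicks": 2},
]

if __name__ == "__main__":
    for row in scrub_report(SAMPLE_REPORT)[0]:
        print(row)
```

Running the scrub at ingestion, before the report reaches a database or a shared dashboard, keeps the count of affected rows for monitoring without keeping the links themselves.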
The people behind the format responsible for about a tenth of internet traffic, and until now the bane of content publishers, now aim to build content, social and (they fervently hope) commerce into their new BitTorrent Bundles. As the website puts it:
“(BitTorrent Bundles is the) first media store by the people, for the people. BitTorrent Bundles is where you can access a world of content, direct from artists. Browse titles from some of our favorite creators. Unlock music and film exclusives. Play what you want. Pay what you want.”
The most interesting takeaway from a Wired article on Box’s move to include collaborative editing in its file sharing service:
“…what’s happening now is that the applications are becoming the primary portals to our data, and the notion of the file is fading away. As Levie indicates, you never browse a PC-like file system on your phone. You access your data through applications, and so often, that data resides not on your local device, but on a cloud service somewhere across the net.”
Read the article.
It should come as no surprise when the general public doesn’t recognize or fully understand what’s behind a tech industry buzzword, and a recent survey on behalf of Citrix is a reminder:
A majority of Americans (54 percent) claim to never use cloud computing. However, 95 percent of this group actually does use the cloud. Specifically, 65 percent bank online, 63 percent shop online, 58 percent use social networking sites such as Facebook or Twitter, 45 percent have played online games, 29 percent store photos online, 22 percent store music or videos online, and 19 percent use online file-sharing. All of these services are cloud based. Even when people don’t think they’re using the cloud, they really are.