ML
    • Register
    • Login
    • Search
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups

    Cloud storage thievery possible without the password

    IT Discussion
    1
    1
    281
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • nadnerB
      nadnerB last edited by

      http://news.softpedia.com/news/attackers-can-access-dropbox-google-drive-onedrive-accounts-without-the-user-s-password-488585.shtml
      The research paper details a new technique called MITC (Man in the Cloud), which allows attackers to intrude popular cloud storage services like Box, Dropbox, Google Drive, and OneDrive.

      MITC attacks don't rely on vulnerabilities in the syncing applications themselves, nor on security holes in the cloud storage server, but act on a design flaw.

      Because of the way these services were built, not requiring a password every time a file is synced, a token is used instead to authorize these operations without constantly hampering the user.
       
      The article also mentions that this could be a delivery method for malware etc
       
      Also being discussed here: http://community.spiceworks.com/topic/1108794-attackers-can-access-dropbox-gdrive-onedrive-accounts-without-user-s-password

      1 Reply Last reply Reply Quote 0
      • First post
        Last post