Users running the file synchronization and hosting service Dropbox on their system needed to take good care of the service’s authentication files. These files were generated during the first authentication on the system. The issue for many users was that a third party could copy the authentication files to sync all of the user’s files on another computer without authorization. Many users were not aware that this was possible, and the fact that the authentication files were all that was needed was problematic from a security point of view.
Even worse, changing the Dropbox account password did not stop the synchronization on the third-party PC. The only option available was to end the session in the Dropbox user interface on the official service website.
Dropbox has today released an updated version of its software client that puts an end to this security loophole. The changelog notes that Dropbox version 1.2.48 ships with security enhancements that prevent attackers from stealing a computer’s account credentials just by copying the configuration files to another computer.
That’s a big step forward in terms of security and protection of accounts. Dropbox furthermore switched to a new encrypted database format to “prevent unauthorized access to local Dropbox client databases”.
The new version ships with Mac OS Lion integration and several smaller fixes that have not been explicitly mentioned in the forum post announcing the new version.
Dropbox 1.2.48 is already available for download on the official Dropbox website. Dropbox users and interested new users can head over there to download the client for their operating system. The new version can be installed over the old version.
Please note that the Dropbox client offers no update checker or automatic update installer. All users need to download and install the new version manually to benefit from the new version’s improvements.
Dropbox users who want to host important files on Dropbox should consider encrypting the files for extra protection. This can be done with specialized software like Boxcryptor or encryption software like TrueCrypt.
Update: The Dropbox team informed me via email that their software has an automatic update feature and that all users of the service would be automatically updated to the latest version in the coming days.
© Martin Brinkmann for gHacks Technology News | Latest Tech News, Software And Tutorials, 2011.