Is there a hole in your Dropbox?

We often get asked to install Dropbox on DICE, it hasn’t happened before now, mostly for reasons that are probably too long and boring to go into on the systems blog (but if you’re interested). However if you have hand crafted an install on DICE or are using it you may want to be aware of Derek Newtons blog post about Dropbox Security. Basically if someone gets hold of your Dropbox config.db file they can impersonate you until you remove the host that file belongs to from your list of hosts.

If you are using dropbox guard the ~/.dropboxdirectory or equivalent with your life, revoke any key that seems to be doing anything un-towards and encrypt anything you put in there that’s important.

This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply