9.10.2013
9.30.2020

Dropbox Cloud Hacked: How Safe is SSL?


At the end of August, news broke that two hackers had broken the two-factor security deployed by Dropbox, a cloud storage platform used by millions of people across the globe. The hackers published their methods in order to promote an open-source version of the program that could, they claimed, be safer for users overall. The hack puts cloud providers and users on edge: how safe is SSL?

Computerworld quotes Dropbox as saying the method used would actually require a user computer that had first been compromised using additional hacks. The two programmers, however, stated that they were able to access the Dropbox API itself, tools that the company keeps locked down.

The hackers used code injection and monkey patching to gain access to user data despite SSL security layers. Monkey patching and code injection are similar strategies that can be used maliciously to add code at runtime. When users run a program, the additional code sent from the attacking computer is executed or added to the program, allowing root access or modifying the behavior of the program without access to the original source code. These changes can be made in memory instead of on a hard disk, or even sent over a network.
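Because such changes live only in process memory, file-based checks do not see them. The following added example (not code from the original post or from Dropbox) shows a runtime integrity tripwire in Python that flags both an attribute rebound to a wrapper and a function whose bytecode was swapped in place; the `client` module and its functions are constructed stand-ins.

```python
import hashlib
import types


def code_digest(obj):
    """SHA-256 over a function's bytecode and referenced names ('' for non-functions)."""
    code = getattr(obj, "__code__", None)
    if code is None:
        return ""
    return hashlib.sha256(code.co_code + repr(code.co_names).encode()).hexdigest()


def snapshot(namespace, names):
    """Baseline: keep each original object (for identity checks) and its code digest."""
    return {n: (getattr(namespace, n), code_digest(getattr(namespace, n))) for n in names}


def verify(namespace, baseline):
    """Return sorted names that were rebound or had their bytecode swapped in memory."""
    changed = []
    for name, (obj, digest) in baseline.items():
        current = getattr(namespace, name, None)
        if current is not obj or code_digest(current) != digest:
            changed.append(name)
    return sorted(changed)


# Constructed stand-in for an application module (hypothetical, not Dropbox code).
client = types.ModuleType("client")
def upload(data): return len(data)
def list_files(): return ["a.txt"]
client.upload, client.list_files = upload, list_files


def demo():
    baseline = snapshot(client, ["upload", "list_files"])
    clean = verify(client, baseline)
    original = client.upload
    # Monkey patch 1: rebind the attribute to a wrapper; nothing on disk changes.
    client.upload = lambda data: original(data)
    # Monkey patch 2: same function object, new bytecode swapped in place.
    client.list_files.__code__ = (lambda: []).__code__
    return clean, verify(client, baseline)


if __name__ == "__main__":
    print(demo())
```

A check like this runs inside the same process it protects, so code that can patch the application can also patch the checker; treat it as one monitoring signal alongside host hardening.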

Dropbox may wave off the hackers by saying they would require access to user boxes, but that isn't impossible. User machines can be compromised, especially with the rise of BYOD and shadow IT in companies large and small.

There are security methods that can stave off code-injection-type attacks, including randomized ciphers put in place before the execution of key program functions. In the end, hackers are a real threat to remotely stored data that must be considered on a daily basis. It is only through a combination of security hardening, SSL, and constant audits and/or cloud security monitoring that hacking attempts can be discovered and thwarted.

When a giant like Dropbox is hacked, it puts all cloud providers on their toes. End-user training including anti-malware tools is a necessity, and IT departments must remain vigilant as well. With monitoring from cloud service providers added to these precautions, sensitive company data can be safely stored in the cloud.

Posted By: Joe Kozlowicz
