We're Hiring!
Take the next step in your career and work on diverse technology projects with cross-functional teams.
LEARN MORE
Mountain West Farm Bureau Insurance
office workers empowered by business technology solutions
BLOG
9
10
2013
3.1.2023

Dropbox Cloud Hacked: How Safe is SSL?

Last updated:
9.16.2020
3.1.2023
No items found.
customer support icon
A Lunavian

Your trusted adviser for enterprise IT services: hybrid IT, cloud, digital transformation, data center, & consulting.

At the end of August, news broke that two hackers had broken the two-factor security deployed by Dropbox, a cloud storage platform used by millions of people across the globe. The hackers published their methods in order to promote an open-source version of the program that could, they claimed, be safer for users overall. The hack puts cloud providers and users on edge: how safe is SSL?

Dropbox is quoted at Computerworld as saying the method used would actually require a compromised user computer first, using additional hacks. The two programmers, however, stated that they were able to access the Dropbox API itself, tools that the company keeps locked down.

The hackers used code-injection and monkey patching to gain access to user data despite SSL security layers. Monkey patching and code-injection are similar strategies that can be used maliciously to add code at runtime. When users run a program, the additional code sent from the attacking computer is executed or added to the program, allowing root access or modifying the behavior of a program without access to the original source code. These changes can be made in memory instead of on a hard disk or even sent over a network.

Dropbox may wave off the hackers by saying they would require access to user boxes, but that isn't impossible. User machines can be compromised, especially with the rise of BYOD and shadow IT in companies large and small.

There are security methods that can stave off code-injection type attacks, including randomized cyphers in place before the execution of key program functions. In the end, hackers are a real threat to remotely stored data that must be considered on a daily basis. It is only through a combination of security hardening, SSL, and constant audits and/or cloud security monitoring that hacking attempts can be discovered and thwarted.

When a giant like Dropbox is hacked, it puts all cloud providers on their toes. End-user training including anti-malware tools is a necessity, and IT departments must remain vigilant as well. With monitoring from cloud service providers added to these precautions, sensitive company data can be safely stored in the cloud.

Posted By: Joe Kozlowicz

Recent Blog Posts

lunavi logo alternate white and yellow
BLOG
4.5.2024
03
.
27
.
2024
Utilizing Bicep Parameter Files with ALZ-Bicep

Ready to achieve more efficient Azure Deployments? You can use Bicep parameters instead of JSON which opens new opportunities for deployment. Let Lunavi expert, Joe Thompson, show you how.

Learn more
lunavi logo alternate white and yellow
BLOG
3.26.2024
03
.
04
.
2024
Anticipating Surges in Cyber Attacks and Bolstering Your InfoSec Defenses in 2024

Learn how to navigate 2024 with the right InfoSec defenses to protect your organization against a rising number of cyber attacks.

Learn more
lunavi logo alternate white and yellow
BLOG
3.26.2024
01
.
03
.
2024
Microsoft Copilot is Re-Shaping the Innovation Frontier

Microsoft 365 Copilot has been released, and it's changing the way we work. More than OpenAI or ChatGPT, read how Copilot can seamlessly integrate with your workflow.

Learn more

How Can We Help You Navigate What's Next?

Let's work together to deliver the services, applications, and solutions that take your organization to the next level.

Get Started
Services
Company
Contact
© 2024 Lunavi, Inc. All Rights Reserved.
Privacy Policy | Acceptable Use