Tips by Tony

An Educational Technology Blog

21 Jun, 2011

Why I’m Not Worried About the Dropbox Security SNAFU

In case you hadn’t heard, Dropbox had an error during a system update yesterday that allowed people to access Dropbox accounts without a password. The glitch lasted about four hours before it was fixed. A SNAFU of this type is very serious, but I’m not really worried. Here’s why:

  1. I don’t have any confidential information stored in my Dropbox account, unless it’s encrypted. In fact, if someone were to have accessed my Dropbox account yesterday, they likely would have been bored to tears at the files they found. Bottom line: don’t store any confidential information in Dropbox (unless it’s encrypted). More on encryption in a bit.
  2. The only confidential information I do store in Dropbox is my 1Password data file, which is encrypted automatically by 1Password. So, if someone had gained access to this file, it would be a very, very long time (if ever) until they were able to crack the encryption.
  3. I checked the events log on the Dropbox website, and found that nobody had accessed or downloaded any of my files. There were no events in the log between 1:54pm PST and 5:46pm PST, the duration of the security breach.
  4. Did I mention that I don’t have any confidential information stored in Dropbox?

Encrypting Files

If you insist on storing confidential or sensitive files in Dropbox, make sure the files are encrypted. Some files, like the 1Password data file I mentioned earlier, are encrypted automatically by the application that created them. Most files are not encrypted by default, however. If you really, really, really must store sensitive information, look into using something like TrueCrypt (Windows/Mac/Linux) – here’s an article describing using TrueCrypt with Dropbox – or use some other method such as encrypted zip files or encrypted sparse images. I’ll leave it up to you to research how to use such tools. For me, it’s far easier to simply not store confidential information in Dropbox. (Do I sound like a broken record? Good.)

The fact is, as we move more and more of our information from device to device, service to service, hiccups like the recent security SNAFU are going to happen. By thinking ahead, you can minimize any potential damage.


About

This site is a collection of articles, resources, and tips related to using technology in education. As I run across articles or resources I find interesting, I'll post them here, along with the occasional original article and general technology tips.