*warning* all cloud platforms can be hacked without a password.

errole

New member
Sep 7, 2013
147
0
0
Visit site
Just read a article on how hackers can access your cloud. No matter if OneDrive, google drive, box, etc is all vulnerable.

The research paper details a new technique called MITC (Man in the Cloud), which allows attackers to intrude popular cloud storage services like Box, Dropbox, Google Drive, and OneDrive.

MITC attacks don't rely on vulnerabilities in the syncing applications themselves, nor on security holes in the cloud storage server, but act on a design flaw.

Because of the way these services were built, not requiring a password every time a file is synced, a token is used instead to authorize these operations without constantly hampering the user.

This token is stored on each of the devices a user connects to their cloud storage device, and even if encrypted, it can be broken into and stolen by attackers.

Read more Link: Attackers Can Access Dropbox, Google Drive, OneDrive Accounts Without the User's Password - Softpedia
 

Pete

Retired Moderator
Nov 12, 2012
4,593
0
0
Visit site
This article neatly raises and then ignores the fact that any attacker would need physical access to the users device in order to steal the authentication token.

Needless to say, if you leave your computer unlocked among people you don't trust, what's going to happen...?
 

rhapdog

Retired Senior Ambassador
Aug 26, 2014
3,035
0
0
Visit site
This article neatly raises and then ignores the fact that any attacker would need physical access to the users device in order to steal the authentication token.

Needless to say, if you leave your computer unlocked among people you don't trust, what's going to happen...?

And if you're extremely paranoid, you can do what I do. I use OneDrive for convenient access to files I use often, but for files I want to keep secure and safe from everyone, I keep those on an encrypted portable Hard Drive that uses 3 layers of encryption, each with their own 50 character minimum password. The hard drive is stored in a lead-lined, fireproof media safe that is covered in 3 feet of concrete and buried 12 feet below my cellar. I keep the secure passwords stored in a separate location (because I can never remember that many random characters) 27 miles away and locked inside a water-tight safe in the cabin of a sunken yacht at the bottom of a large lake. The passwords are useless without the USB security key, which is kept in a safe deposit box at a bank 96 miles away. Even with all these precautions, I've had to set up a series of booby-traps like what you might find in an old Indiana Jones adventure movie, just in case someone finds the location of any one of the three items and decides to attempt to access them. One can never be too careful.

Even with all that, I'm still not sure my data is safe.

Truth is, if your data is ever really truly secure, than you'll never be able to use and enjoy it. (And for those of you that couldn't tell, my story above is just that. A story. Yeah, I made it up on the spot.)
 

LockOnTech

Member
May 3, 2014
286
0
16
Visit site
And if you're extremely paranoid, you can do what I do. I use OneDrive for convenient access to files I use often, but for files I want to keep secure and safe from everyone, I keep those on an encrypted portable Hard Drive that uses 3 layers of encryption, each with their own 50 character minimum password. The hard drive is stored in a lead-lined, fireproof media safe that is covered in 3 feet of concrete and buried 12 feet below my cellar. I keep the secure passwords stored in a separate location (because I can never remember that many random characters) 27 miles away and locked inside a water-tight safe in the cabin of a sunken yacht at the bottom of a large lake. The passwords are useless without the USB security key, which is kept in a safe deposit box at a bank 96 miles away. Even with all these precautions, I've had to set up a series of booby-traps like what you might find in an old Indiana Jones adventure movie, just in case someone finds the location of any one of the three items and decides to attempt to access them. One can never be too careful.

Even with all that, I'm still not sure my data is safe.

Truth is, if your data is ever really truly secure, than you'll never be able to use and enjoy it. (And for those of you that couldn't tell, my story above is just that. A story. Yeah, I made it up on the spot.)

The best response to a post I've read today, Well done sir.
 

TheJackah

New member
Jul 31, 2015
57
0
0
Visit site
And if you're extremely paranoid, you can do what I do. I use OneDrive for convenient access to files I use often, but for files I want to keep secure and safe from everyone, I keep those on an encrypted portable Hard Drive that uses 3 layers of encryption, each with their own 50 character minimum password. The hard drive is stored in a lead-lined, fireproof media safe that is covered in 3 feet of concrete and buried 12 feet below my cellar. I keep the secure passwords stored in a separate location (because I can never remember that many random characters) 27 miles away and locked inside a water-tight safe in the cabin of a sunken yacht at the bottom of a large lake. The passwords are useless without the USB security key, which is kept in a safe deposit box at a bank 96 miles away. Even with all these precautions, I've had to set up a series of booby-traps like what you might find in an old Indiana Jones adventure movie, just in case someone finds the location of any one of the three items and decides to attempt to access them. One can never be too careful.

Even with all that, I'm still not sure my data is safe.

Truth is, if your data is ever really truly secure, than you'll never be able to use and enjoy it. (And for those of you that couldn't tell, my story above is just that. A story. Yeah, I made it up on the spot.)

Gave me a chuckle. :p

Posted via the Windows Central App
 

rjedge54

New member
Dec 1, 2012
1
0
0
Visit site
An easy way to thwart any auch attack is to enable multi-factor authentication. It's now supported on most popular, email and clouds services. I have done a on all of my accounts.
 

fatclue_98

Retired Moderator
Apr 1, 2012
9,146
1
38
Visit site
Rhapdog, I have your map. I know where you live. I'm a certified scuba diver and your data is toast. BTW, I'm not afraid of snakes.
 

rhapdog

Retired Senior Ambassador
Aug 26, 2014
3,035
0
0
Visit site
Rhapdog, I have your map. I know where you live. I'm a certified scuba diver and your data is toast. BTW, I'm not afraid of snakes.

I didn't use snakes anyway. I've got Nessy guarding the yacht. I borrowed her from Loch Ness. Good luck with that one. ;)
 

Members online

Forum statistics

Threads
322,911
Messages
2,242,885
Members
428,005
Latest member
COME ON WIN ANDROID (ADI)