How to Wreck Your Internet Company in 4 Short Hours
The news that Dropbox managed to run for four hours yesterday with all of its shields down is shocking. Everyone watching cloud computing is waiting for The Big One, that catastrophic data compromise that causes even non-geeks to say holy shit. While it hasn’t happened yet, between the Sony debacle and Dropbox yesterday, I think we are getting closer. I’m not sure it is a function of the state of Internet security so much as of our increasing trust and reliance in putting really sensitive stuff out there.
One thing is for certain: the stakes are only going up as The Cloud (and iCloud) goes mainstream. So does this change the way I am going to use web-based storage? Not really. The huge benefits I receive from cloud syncing make it worth the risk. Nevertheless, there are a few things you can do to protect yourself:
- Lock up those online accounts with a strong password, not pencil;
- Change your online passwords. I change mine every time the clocks change;
- Don’t be stupid about what you store up there. Database of 1970s baseball cards = yes. Scanned tax returns = no.
- If you upload anything sensitive, encrypt it yourself first on your Mac. I wrote about it in the book and there are a lot of online tutorials out there explaining how to do it.
So in response to this latest problem am I going to run out and cancel my Dropbox account? No. I think Dropbox learned its lesson. (At least this lesson). I still think, however, we are not far from The Big One.
Reader Comments (6)
Since your earlier post (I think it was you) regarding putting everything on the cloud within a password-protected container, I felt better about what I've stored in the cloud. Making a password-protected disk image has become my standard procedure for anything that goes on a disk that's not in my immediate physical control.
Take a look at encfs to perform encryption at the individual file level instead of disk images (which don't work well with sync solutions as they create a huge file out of all your files).
Here's a link:
http://www.packetslave.com/2011/04/21/dropbox-encryption-w-encfs-on-macos-x/
Thanks for posting this David. I find it unacceptable on the part of DropBox that I only find out about this via a third party website!
Even if my account has not been compromised, and as far as I can tell it hasn't, DropBox should have emailed all of its users to inform them and suggest they change passwords etc.
I don't keep any financial data on DropBox, but I have caught myself storing files on there that are probably best not - budget reports, meeting minutes etc. Looks like I'll be going back to ChronoSync...
Governments must love all of this cloud file storage. It makes us even more "researchable"!
Changing passwords regularly is not a best practice. In fact, it can be quite harmful. Please see my detailed thoughts here.
@Aaron
I agree with your post. What I should have added to my original recommendations is that I change them with 1Password which creates painfully good passwords and keeps track of them for me.