

Dropbox security flaw uncovered - Angostura
http://greyhat-security.com/dropbox-insecure-design

======
JoachimSchipper
See <http://news.ycombinator.com/item?id=2421110> instead.

------
fleitz
This makes Dropbox about as insecure as SSH (e.g. copying someone's key files
(a.k.a. config.db) allows you to authenticate as them).

Yes, you could password-protect them, but Dropbox doesn't prompt for passwords,
so you'd need unencrypted private keys. It's obvious by design of not prompting
for passwords that if you copied the right bits of information you'd be able
to authenticate. It's much better security-wise that it uses a hostkey, rather
than your password.

