Hacker News new | comments | show | ask | jobs | submit login
Dropbox security flaw uncovered (greyhat-security.com)
5 points by Angostura 2300 days ago | hide | past | web | 2 comments | favorite

This makes dropbox about as insecure as SSH (eg. copying someone's key files (aka. config.db) allows you to authenticate as them)

Yes, you could password protect them but dropbox doesn't prompt for passwords, so you'd need unencrypted private keys. Its obvious by design of not prompting for passwords that if you copied the right bits of information you'd be able to authenticate. It's much better security wise that it uses a hostkey, rather than your password.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact