A while ago, the world was abuzz with the celebrity nudes hack.  I was recently reminded of an update I had seen for Dropbox.  Anything that you can use for good can be used against you by someone else.  This feature is no different.

The specific feature that was added to Dropbox was “Remote Wipe”, which is intended to be used if you lose your phone or other portable device.  By triggering a remote wipe, your data is no longer available to steal.  That is a good thing.  This is presumably done through the Dropbox website.

But what happens if someone gains access to your Dropbox website account?  They can remotely wipe your data.  Instead of your portable device being a backup copy if the service ever became inaccessible, it is now vulnerable whenever the service is accessible.

Naturally, the hacker would change the password and/or copy off all the files for their own potential ransom request or personal use.  Can you imagine opening up your Dropbox folder one day and finding it empty except for a text file with instructions on submitting a ransom in bitcoin?

I keep saying it one way or another.  The cloud is not to be trusted. 

You need to:

  • Keep your data locally.
  • Have a unique username at each website – Use a password manager like KeePass.
  • Have a unique password at each website – Use a password manager like KeePass!
  • Keep a PIN on your phone.
  • Keep catastrophic data in an encrypted file – Use TrueCrypt 7.1a

The more of this you do, the more secure you will be, which means the more comfortable you will be. 
