stupid cloud- Dropbox hacked.

tatest wrote:
While I am at it, why do I have four email providers? Because I have had more than a dozen since my ARPANet days, and they come and go. Four accounts at a time keep me comfortable that maybe one will keep going until I can find a new provider.

I have several accounts too. Also two email clients (I HATE webmail).

One thing I never do is use my real email addresses online.

Hacking aside, I find cloud services to be useful but ephemeral. Five of the nine places I've used (since 1990) to upload, share, and potentially "archive" and share image files and other documents have gone defunct, discontinued the services I was using, or changed terms of service in ways that they were no longer useful to me. For image files or photos, there are probably another dozen or so that I never tried, that have come and gone.

I don't depend entirely on any "real" cloud server, I run my own to share among my computers and digital devices, but I do use (five, currently) external service for sharing with others (different folks have different strokes), but only two for sharing among my own devices, chosen on my own estimates of likely longevity and operational competence. There is a third one on my standby list, but I am too multi-platform to make much use of anything exclusive to Microsoft platforms and protocols.

I've found Dropbox to be a good platform for sharing non-critical, non-sensitive information with others. A couple of my email providers (four currently) use Dropbox as their way to forward large files, so I am kind of stuck with it. It works, and the price (free) is right for what I do. It bothers me little that their encrypted password list got hacked once, I use different passwords and IDs in different places and don't put anything I might be ashamed of or of financial value into the cloud.

While I am at it, why do I have four email providers? Because I have had more than a dozen since my ARPANet days, and they come and go. Four accounts at a time keep me comfortable that maybe one will keep going until I can find a new provider.

Don't let a hack of a services provider scare you, just practice safe Internet: use different IDs, different passwords everywhere, changing passwords frequently. And while I am on that subject, despite all the advertisements from service providers, a smartphone app or online service is not the place to keep that identification information, as those are hack targets. The right place for me is a notebook I can keep on my person, or at home when not traveling, because my home or my person is a lot less likely hacker target than anyplace storing security information on the Internet.

bwanshoom wrote:
That was in 2012. Old news.

Also, Dropbox was using decent password storage methods so the risk was limited.

The problem is that people re-use the same passwords and variants of the same over and over again. If a given system doesn't force password changes, and most don't, it's very likely that the majority of those passwords stolen in 2012 are still being used by the same people, for their social media accounts, for their bank accounts, etc.

If you are a Dropbox user and using the same password for other things, you need to change ALL your passwords.

Ed_Gee wrote:

braindead0 wrote:
Trusting third parties who have no hard consequence for their negligence is a really bad idea. DropBox did the right thing by resetting passwords and quickly informing people of the problem.

When I use services like this I always encrypt locally, with the highest security method(s) I have available. Anyone compromises the online service, is going to have to spend a lot of money to access my data.

That is the way to do it! Encrypt your sensitive info stored in the cloud. :)

Be careful how you do it though. The devil is in the details.. I've seen people encrypt files and then leave the key plaintext in the same folder that's being synced to the 'cloud', or leave the unencrypted files next to the encrypted version in the folder being synced to the cloud.. etc..

Or using home rolled encryption, or relying on a cloud client 'Encrypt Data' check box..

There are more ways that encryption can be done wrong that right.

What I would strongly suggest people do is purchase 2 SOHO type NAS boxes that are capable of syncing remotely. I use QNAP however there are others that support this. Setup synchronization between them using SSH with pre-shared keys and install one of the boxes at a friends house.

Then you backup all of your 'stuff' to the NAS box at your house, and every night/week whatever makes sense it'll sync that data to a friend/family members house. If you have a suitable fire safe you can install the NAS box in that as well.

You could also dedicate a portion of the offsite NAS box for use by your friend/family.. or they could get their own and you run theirs.

Setup correctly you have a full backup off site and you'll be vastly more secure than any cloud based system.

That being said it requires a fairly high level of technical know how to setup properly and securely.

braindead0 wrote:
Trusting third parties who have no hard consequence for their negligence is a really bad idea. DropBox did the right thing by resetting passwords and quickly informing people of the problem.

When I use services like this I always encrypt locally, with the highest security method(s) I have available. Anyone compromises the online service, is going to have to spend a lot of money to access my data.

That is the way to do it! Encrypt your sensitive info stored in the cloud. :)

Trusting third parties who have no hard consequence for their negligence is a really bad idea. DropBox did the right thing by resetting passwords and quickly informing people of the problem.

When I use services like this I always encrypt locally, with the highest security method(s) I have available. Anyone compromises the online service, is going to have to spend a lot of money to access my data.

i updated OP to indicate pw should be changed!

2oldman wrote:
This board is old. Every new thing is declared to be unsafe.

Including Camping World's website. Hopefully, none of you shop online there - their security is laughable compared to Dropbox and they have your credit card information.

This board is old. Every new thing is declared to be unsafe.

That was in 2012. Old news.

Also, Dropbox was using decent password storage methods so the risk was limited.

You should be more concerned with the Lowes, Targets, Home Depots, OMBs, IRSs of the world that don't practice good security and may have access to lots of your information.

There's certainly nothing unique to the cloud as far as security issues are concerned. With good security practices I think users can use the cloud very successfully while minimizing their risk. It's not the issue that some would make it out to be.