Monday, April 25, 2011

Dropbox authentication issues

There has been some discussion of whether the dropbox authentication system is a vulnerability, or just as insecure as everything else. At the very least: if changing your password doesn't change the underlying key stored on your machine, that an attacker could have copied, it makes denying access to an attacker post-compromise fairly difficult.

No comments: