During a recent code push, web-based file storage firm Dropbox introduced a bug in their authentication mechanism - allowing unprotected access to accounts for four hours.
Reaction to this particular bug was widespread:
- "allowed users to log into accounts using any password"
- "gaping security holes"
- "a significant embarrassment for Dropbox"
- "Too bad I no longer trust them"
- "Even as a free service they're not worth the trouble"
From the Dropbox web site's Help section:
"How secure is Dropbox?
Your files are actually safer while stored in your Dropbox than on your computer in some cases. We use the same secure methods as banks and the military.
Dropbox takes the security of your files and of our software very seriously. We use the best tools and engineering practices available to build our software, and we have smart people making sure that Dropbox remains secure. Your files are backed-up, stored securely, and password-protected."
I'm sure they are usually password-protected. Unless there is a bug in the authentication mechanism. In which case they are not actually password-protected at all.
Perhaps they should have tested more.
This article originally appeared in my blog: All Things Quality
My name is Joe Strazzere and I'm currently a Director of Quality Assurance. I like to lead, to test, and occasionally to write about leading and testing. Find me at http://strazzere.blogspot.com/.