Now anyone can peek inside your Dropbox
If you have any sensitive data living in the cloud (or even passing through it), make sure it’s secure. As the following article makes clear, these services don’t always tell you the truth.
If you must put stuff out there, learn how to encrypt it. GnuPG offers open source frontend apps & installers for OpenPGP for Windows & Mac. Commercial versions are available from ArticSoft and Symantec. There may be others that I’m unaware of.
Forensic computer security company ATC-NY on Thursday released a new, free tool called Dropbox Reader which helps investigators read “evidence files” associated with Dropbox cloud storage accounts.
Dropbox Reader is actually a series of six command line Python scripts which parse the configuration and cache files of a Dropbox account, including the user’s registered e-mail address, Dropbox identifier, software version info and list of recently changed files stored in config.db, and the information about shared directories and files marked for sync stored in filecache.db.
[…]
Two months ago, Dropbox shocked its users with a major change to its terms of service. Previously the service claimed that files could actually be safer while stored in a Dropbox account than on a local drive in some cases.…
[…]
Before the ToS change, the service boasted: “Dropbox employees are unable to view user files.” Now, not only are the files viewable, but with Dropbox Reader, the very fundamental elements of the account are penetrable.