Edward Snowden says “Get Rid Of Dropbox”

TechCrunch: “According to Edward Snowden, people who care about their privacy should stay away from popular consumer Internet services like Dropbox, Facebook, and Google.
Snowden conducted a remote interview today as part of the New Yorker Festival, where he was asked a couple of variants on the question of what we can do to protect our privacy.
His first answer called for a reform of government policies. Some people take the position that they “don’t have anything to hide,” but he argued that when you say that, “You’re inverting the model of responsibility for how rights work”:
“When you say, ‘I have nothing to hide,’ you’re saying, ‘I don’t care about this right.’ You’re saying, ‘I don’t have this right, because I’ve got to the point where I have to justify it.’ The way rights work is, the government has to justify its intrusion into your rights.”
Read the entire article at techcrunch.com
 

The Danger of Using Credentials as Authentication

The Guardian: “Security is back in the news. Both Snapchat and Dropbox have had to deny that their own systems were hacked – but have seen thousands of photos and videos distributed (in the case of Snapchat) and millions of logins made available (in the case of Dropbox – except that they didn’t come from Dropbox).
 
In both cases, the blame has been laid at the feet of third-party websites. Snapsaved has been highlighted as the source of the Snapchat pictures (and the motives of those behind the site still are not clear); Dropbox says that the logins were stolen from “unrelated services”, and then used for login attempts.
 
That’s why it’s dangerous to give your login credentials for a key site to another one; security is a “weakest link” system, and so your credentials are only as safe as the weakest site you offer them to. It’s also why it is a bad idea to use the same password in different sites.”
 

From “After Snapchat and Dropbox, it’s time to realise that the modern web is hostile” by Charles Arthur.

Hackers Ransom 7 Million Dropbox Passwords

CNet: “Hackers are threatening a major breach in Dropbox security, claiming to have stolen the login details of almost 7 million users, and promising to release more password details if they’re paid a Bitcoin ransom.
 
However, Dropbox has denied it has been hacked, saying the passwords were stolen from third-party services.
 
An entry on Pastebin, posted on October 13 at 4:10 p.m. CDT, shows a list of 400 emails and matching plain text passwords, claimed to be part of a large-scale Dropbox hack.
 
The login details for the 400 email addresses, each one starting with the letter B, have been labelled as a “first teaser…just to get things going”. The perpetrators are also promising to release more details if they’re paid for the information.”
 
 

From “Hackers hold 7 million Dropbox passwords ransom” by Claire Reilly