Tuesday, May 6, 2014

Dropbox cuts access to shared documents that were accidentally exposed to the web

Dropbox imagery


If you've shared a Dropbox document recently, but your intended recipients are complaining that the link is bust, then here's the likely reason: The cloud storage service has been forced to sever many shared links after realizing, perhaps a bit late in the day, that they contained an inherent security flaw that could potentially expose documents to the wrong people. Specifically, an authorized user who opens a document and clicks on any hyperlink within its text could unwittingly expose the entirety of that document to the webmaster of the hyperlinked site.


Sound complicated? It really isn't. It's just a simple byproduct of the internet's standard "referer headers" that allow webmasters to see who is referring traffic to their site. If the referer happens to be a Dropbox file, then a curious webmaster is going to have no trouble accessing that file just as if he was an authorized recipient. Fortunately, there are no reported instances of this happening, and Dropbox says it has already fixed the issue for all newly created documents. As for older files, however, they've been automatically de-shared "until further notice" -- so you might want to follow these steps to create new links for them.

Filed under: ,


Comments


Source: Dropbox


0 comments:

Post a Comment