News reports suggesting that hackers could easily hijack user accounts for services from major file sync & share provides like Dropbox, Google Drive, Microsoft OneDrive and Box with only limited access to computers the programs run—without having access to user names and passwords. Not great news for the FSS industry. Aron Brand, CTO at CTERA commented on the hackers target dropbox, exposing risk of consumer sync and share.
[su_note note_color=”#ffffcc” text_color=”#00000″]Aron Brand, CTO at CTERA :
“It shouldn’t come as a surprise that cloud-based file sync & share services result in new vulnerabilities – after all, the ‘attack surface’ (potential inroads for infiltration) is made considerably larger by virtue of the constant file traffic to and from the cloud, as well as file sharing between groups of users. Private, behind-the-firewall deployments are obviously a lot less vulnerable than public services to any attack. Additionally, enterprise can choose solutions that prevent tokens from being reusable on multiple endpoints – which, at least in this case, would make this “Man in The Cloud” attack impossible..”[/su_note][su_box title=”About CTERA” style=”noise” box_color=”#336588″]
CTERA Networks bridges the gap between cloud storage and local storage, providing optimized performance and end-to-end security. Our solutions accelerate deployment of cloud services and eliminate the costs associated with file servers, backup servers and tape drives. Service providers and enterprises use CTERA to deliver services such as backup, file sync and share, managed NAS and cloud on-ramping, based on the cloud infrastructure of their choice.[/su_box]
About the Author
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
