![]() ![]() If someone accidentally shares a private Dropbox link it can be disabled at any time from the Dropbox website, on the Links tab. We don’t believe that this is a vulnerability. Intralinks tells me that it privately informed Dropbox that data was being leaked via the shared link vulnerability in late November 2013. There is no option to password protect or create a link expiration date, which means the person on the receiving end does not have to authenticate (prove via a password that they are the intended recipient) themselves to view the document. This is how you would create a Shared Link in DropBox. (DropBox launched in 2008) DropBox’s Approach to Shared Links is Flawed We were kind of warned about this 2008 when the Omnibox first appeared, but at that time virtually no one was using DropBox to share documents. You have now shared that document with that search engine’s AD Providers. If you email someone a link to a Document in DropboxĪnd they take that link and paste it into a Browser’s Omnibox: We urge everyone to be careful about providing shared links to third parties like search engines. This is well known and we don’t consider it a vulnerability. This involves a user entering a shared link into a search engine and the search engine passing that link on to ad partners. Update - We’re aware of a second issue that’s been reported about shared links. While researching this security flaw I stumbled across an even bigger one that DropBox will not fix. ![]() If you had a document with a hyperlink to a website like, that site’s webmaster would be able to see the DropBox link and the document you shared. This was because Dropbox disabled all shared links after a security vulnerability were discovered. He kept telling me none of the links worked. During some downtime, I sent one of my speaking partners a couple of links via DropbBox to the updated presentation we are giving for the Louisiana State Bar. I was in Colorado this past week for a conference. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |