http://news.cnet.com/8301-31921_3-20072755-281/dropbox-confirms-security-glitch-no-password-required/ By Declan McCullagh Privacy, Inc. CNet News June 20, 2011 Web-based storage firm Dropbox confirmed this afternoon that a programmer's error caused a temporary security breach that allowed any password to be used to access any user account. The San Francisco-based start-up attributed the security breach to a "code update" that "introduced a bug affecting our authentication mechanism." Access without passwords was possible between 1:54pm PT and 5:46pm PT yesterday, the company said. "This should never have happened," Dropbox co-founder and CTO Arash Ferdowsi said in a blog post. "We are scrutinizing our controls and we will be implementing additional safeguards to prevent this from happening again." This afternoon's news is a significant embarrassment for Dropbox, which (despite not being located in Silicon Valley) appeared on a list of "20 Hot Silicon Valley Startups You Need To Watch," and which received a CNET Webware award in May 2009. [...] ___________________________________________________________ Tegatai Managed Colocation: Four Provider Blended Tier-1 Bandwidth, Fortinet Universal Threat Management, Natural Disaster Avoidance, Always-On Power Delivery Network, Cisco Switches, SAS 70 Type II Datacenter. Find peace of mind, Defend your Critical Infrastructure. http://www.tegataiphoenix.com/Received on Tue Jun 21 2011 - 00:26:16 PDT
This archive was generated by hypermail 2.2.0 : Tue Jun 21 2011 - 00:32:40 PDT