>>The takeaway here: Don't use any *remote applications in the cloud* for anything you wouldn't want to see posted on the front page of the NY Times.
FTFY This is much ado about nothing. If your box is compromised, and you're sharing things remotely, then you have more risks than if you weren't. Feel free to suggest an authentication mechanism that would withstand the initial premise of "your machine is exposed such that your config.db is stolen". Several of the comments, particularly those by alec muffett<http://blogs.computerworlduk.com/unscrewing-security/2011/04/practical-dropbox-security-advice/index.htm>, provide valuable information about the risk. I'd welcome the ability to see where else systems are logged on to Dropbox, but that's about the extent of my concern at this time. *ASB *(Professional Bio <http://about.me/Andrew.S.Baker/bio>) *Technology Services that Maximize Business Results... * On Wed, Apr 13, 2011 at 1:42 PM, Kurt Buff <kurt.b...@gmail.com> wrote: > On Wed, Apr 13, 2011 at 10:29, S Powell <powe...@gmail.com> wrote: > > again, if someone has access to your config.db you have MUCH larger > > problems than access to your dropbox. > > The problem is not necessarily *your* machine (although I think that's > still a consideration), it's everyone else with whom you share the > dropbox. > > Without authentication, any compromised machine can emit the config, > and you'll have no way of knowing it. > > It gets worse when you consider that other clients for it are > available, including clients that run on hosts for which there are few > or no effective anti-malware agents (I'm looking at you, Apple.) > > The takeaway here: Don't use Dropbox for anything you wouldn't want to > see posted on the front page of the NY Times. > > > ----------------- > > Who'd you rather be, the Beatles or the Rolling Stones? > > Led Zepplin, or perhaps the Berlin Philharmonic. > > Kurt > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
