On Wed, Apr 13, 2011 at 11:17, Andrew S. Baker <asbz...@gmail.com> wrote:
>>> The takeaway here: Don't use any remote applications in the cloud for
>>> anything you wouldn't want to see posted on the front page of the NY Times.
>
> FTFY

I'll accept that fix.

> This is much ado about nothing.

I don't believe as you do.

> If your box is compromised, and you're
> sharing things remotely, then you have more risks than if you weren't.

That's not the risk I am concerned about. I'm concerned about the risk where you're sharing a Dropbox account with folks whose machines are not under your control, which, from my understanding, is one of the major use cases for this service. Putting aside any concerns about the security of the Dropbox infrastructure (which is a considerable question of its own), the security model for this is completely borked.

> Feel free to suggest an authentication mechanism that would withstand the
> initial premise of "your machine is exposed such that your config.db is
> stolen".

My initial premise is that your Dropbox is exposed if your config.db is stolen - not the same thing.

> Several of the comments, particularly those by alec muffett, provide
> valuable information about the risk.
>
> I'd welcome the ability to see where else systems are logged on to Dropbox,
> but that's about the extent of my concern at this time.

And, given that some influential staff in my org are using Dropbox, and started doing so without notifying IT, I'm concerned about that too, and that I don't have a good way to turn their access to it off.

Kurt