Intralinks has revealed an alarming privacy problem in the way many people use file sync and share applications, one that could put their most sensitive personal information and, where applicable, that of their employers, in grave danger. Much as many people publicly expose details of themselves, their families and their activities on social media, they are also exposing more sensitive private information through consumer sync and share applications.
During a routine analysis of Google AdWords and Google Analytics data that mentioned competitors by name (Dropbox and Box), we accidentally discovered the fully clickable URLs needed to access documents, which led us to live folder contents, some with sensitive data. Through these links, we gained access to confidential records including tax returns, bank records, mortgage applications, blueprints and plans - all highly sensitive information, some of which might be sufficient for identity theft and other crimes.
Background
The most recent U.S. Federal Trade Commission survey on consumer fraud found that more than 10% of adult Americans are still victims of fraud each year. Another survey, from home security company Friedland, found that 78% of burglars use publicly available social media status updates to gain information about their targets. A third survey, by research firm Coleman Parks, found that 67% of consumers between the ages of 18-35 and 59% between 35 and 44 do not care about online privacy.
And it gets worse. A recent article from the London Evening Standard reports that 70% of fraud is cyber crime. And according to Fiberlink research, more than 50% of the subjects reported sending sensitive data to cloud services such as Dropbox and iCloud.
The evidence is clear: despite all the cases of identity theft, theft and fraud, consumers continue to trade safety for convenience or perceived personal gain. For businesses, this is extremely bad news, because the same consumers are also workers, and many carry consumer-grade sharing tools and safety practices into business.
Why does it matter
We came upon this topic completely by chance while running a competitive campaign in Google AdWords. Users of file sharing solutions created share links to their files and entered them in the "Search" box instead of the URL box in their web browsers, so our campaign collected the data. This was not as unusual as it might sound, and we came across a lot of files over a fairly short Google AdWords campaign. We believe that it is relatively easy for others to replicate our results. In the process of confirming how this happened, we then found other issues with some free file sharing applications that make them prone to data loss. Therefore, avoid some free versions of popular file sharing applications for personal use and, of course, for professional use, when it comes to sensitive information.
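
A defender-side check for the leak path described above, added here as an example and not part of the original article: it scans a web proxy log for search-engine requests whose typed text is a share link, and reports them with the link token redacted. The log format, the host list, the search parameter names and the sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumptions: share-service domains to watch and the query-string
# parameter names search engines use for the typed text.
SHARE_HOSTS = ("dropbox.com", "box.com")
SEARCH_PARAMS = ("q", "p", "query")

# A bare or fully qualified URL anywhere in the typed search text.
URL_IN_TEXT = re.compile(r"(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})(/\S*)?", re.I)

def share_link_in(text):
    """Return (host, path) for the first watched share link in text, else None."""
    for m in URL_IN_TEXT.finditer(text):
        host = m.group(1).lower()
        if any(host == h or host.endswith("." + h) for h in SHARE_HOSTS):
            return host, m.group(2) or "/"
    return None

def redact(path):
    """Keep at most the first path segment so the report does not re-leak the link."""
    segments = [s for s in path.split("/") if s]
    if len(segments) > 1:
        return f"/{segments[0]}/[REDACTED]"
    return "/[REDACTED]" if segments else "/"

def find_leaks(log_lines):
    """Flag search requests whose typed text is itself a share link."""
    findings = []
    for line in log_lines:
        user, _, url = line.strip().partition(" ")
        parts = urlsplit(url)
        params = parse_qs(parts.query)
        for name in SEARCH_PARAMS:
            for value in params.get(name, []):
                hit = share_link_in(value)
                if hit:
                    findings.append((user, parts.hostname, hit[0], redact(hit[1])))
    return findings

# Constructed sample log, one "<user> <requested-url>" per line.
SAMPLE_LOG = [
    "alice https://www.google.com/search?q=https%3A%2F%2Fwww.dropbox.com%2Fs%2FEXAMPLETOKEN%2Ftax-return.pdf",
    "bob https://www.google.com/search?q=dropbox+pricing",
    "carol https://www.bing.com/search?q=app.box.com%2Fs%2FEXAMPLETOKEN2",
    "dave https://www.dropbox.com/s/EXAMPLETOKEN3/plan.pdf",
]

if __name__ == "__main__":
    for finding in find_leaks(SAMPLE_LOG):
        print(finding)
```

Only the first and third sample lines are flagged: an ordinary search that mentions a service by name and a direct visit to a share link are both normal traffic.
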
To be clear, we gained access to the files because users of file sharing applications often do not take simple precautions to protect their data. When used in this way, all file sharing applications are potentially vulnerable. When using file sharing applications, many people fail to use basic security features or take any action, even with extremely sensitive financial data. Moreover, many mingle private data with confidential company data without security in place.
How to Protect Your Data from the Sync and Share Issue
Consumer file sync and share applications are used by millions of people to quickly exchange information with friends, family and colleagues. Most users are under the false impression that the links they share are impossible for others to discover, even when they fail to properly configure access controls. Moreover, most are not aware that some free products do not provide the ability to adequately secure records. Some free systems, including Dropbox, do not support privacy settings. Dropbox was briefed on the matter when the records were first revealed in November 2013, to give them time to respond and deal with the problem. They sent a brief reply saying, "I believe that this is a vulnerability."
Some steps to better protect your data:
- Check your sync and share service to see if it supports privacy settings. When it comes to file sync and share applications, make sure that the product supports a "privacy" setting, which ensures that only people you invite will be able to access a file. The system must also support authentication, requiring users to identify themselves and to have a password.
- Set your account to "private", using basic security settings. Most file sync and share applications default to a "public" setting, which means anyone with your link can easily access your files. This can be handy if you want to share a non-sensitive item with many people, but we recommend that you set your account to "private" by default, and then invite the specific individuals with whom you want to share.
- If you have already shared sensitive files in a public folder, delete them. If you have already shared information that should be private, do not just change the setting - delete the files and reload them into a new private folder. Changing the status of a file from public to private is not a foolproof way to protect files that you've already shared.
- Delete old files you no longer need. Get in the habit of deleting files from your sync and share application once you no longer need them. We found many sensitive files that had been posted a long time ago and had probably been forgotten.
- Never mix business and pleasure - keep business records and personal files in separate accounts. We found several instances of business data in personal account files. This is a bad idea. If you are using a consumer-grade system, move your sensitive business data to an application created for professional use.
Your employer may have rules about storing sensitive information on consumer-grade systems, so you may be in violation of law or contract if you put confidential information on these systems. If something goes wrong and the data leaks, the consequences can be severe: lost reputation, regulatory and legal issues and financial losses. If the data belongs to a client or partner, the protection of their data is at issue too.
Update: Dropbox posted a blog announcing a "web vulnerability affecting shared links to files that contain hyperlinks," stating that they have taken measures to overnight in the vulnerability disclosure hyper