Hundreds of Dropbox credentials reportedly leaked online, company denies breach


Comments

  • Reply 41 of 56
    ipen wrote: »
    Cloud is not safe. I only use it for files which I can lose and I don't care if the world sees it.

    I do hope that all of your gear is secured well and backed up at least 2 times, one of them off-site in a safe somewhere. Also when using open hot spots or even the wifi at your place of employment is tight.

    If all of that is in order... more power to ya... and you still only get one point for using "lose" instead of the more common "loose" in these types of posts. Especially when most people's back-up habits and assorted surfing habits are just as unsafe as the cloud is.
  • Reply 42 of 56
    solipsismx Posts: 19,566 member
    4) security questions for password recovery;

    I also suggest not using real answers for the security questions. If you use a password manager it's easy enough to keep these organized, but there is also the Secure Notes in Keychain, or even physically written down in a booklet as one doing a physical B&E isn't likely the same person looking to break into your accounts.

    Of course, with security there is almost always an inverse relation to convenience so at the very least I suggest people use the same atypical answers for the security questions. E.g.: What is your mother's maiden name? Ebola.

    Also when using open hot spots or even the wifi at your place of employment is tight.

    I use open WiFi hotspots frequently so after the new Mac minis are introduced I'm going to see about setting up a VPN from my house so I can remotely connect my Mac and iPhone to secure local transmission when abroad.
  • Reply 43 of 56
    MacPro Posts: 19,718 member
    welshdog wrote: »
    You haven't met many human beings have you?  First, the "best practices" you mention are not at all known to the average device using person.  Trust me, they don't know such things even exist, so how would they find them or even know to look for them?  Second, never forget that, at all times, half the population is on the LEFT side of the IQ bell curve.


    LOL, that's one of my favorite quotes ... and it's true! Problem is those who are left are most often right in the USA .... and that is a double entendre that's actually correct both ways you can take it ... there are not too many of those around!
  • Reply 44 of 56
    Who in their right mind would use cloud-based systems for sensitive information anyway?

    If I ever took a picture of my penis (I'll never do that don't worry) and wanted to send it through any of these services.

    I wouldn't trust any of these services, be it from Apple, Google, Agilebits, dropbox. Appchat etc. I wouldn't trust apple with my health information anyway no matter how secure they say it is. I would never put such info on ANY device.

    I would never put something like that online or send it over the air on wifi or LTE without being on a VPN.

    I would never do that, 'cause I'm not stupid. So My drop-box account, my iCloud account only has stupid everyday-life shit on it that I wouldn't give a F... if anyone hacked into it. It's just pictures of my car, a recipe or the leaked Jlaw photos nothing I'd give two-shits about if they were hacked. I have my personal cloud a WD EX2 it's inside my home network. That's mine, that's my stuff.
  • Reply 45 of 56
    philboogie Posts: 7,675 member

    What do you tell a successful businessman in that situation?

    That he's also very successful in taking chances¿
  • Reply 46 of 56
    Since I use Dropbox's 2-step authentication (Google Authenticator iPhone app), should I bother changing my password?
  • Reply 47 of 56
    Apres587 wrote: »
    Since I use Dropbox's 2-step authentication (Google Authenticator iPhone app), should I bother changing my password?

    If you're ever in doubt, just change your password.

    You see, here's evidence that passwords "are a bother" i.e. a pain in the butt for most people.
  • Reply 48 of 56
    solipsismx wrote: »
    I also suggest not using real answers for the security questions. If you use a password manager it's easy enough to keep these organized, but there is also the Secure Notes in Keychain, or even physically written down in a booklet as one doing a physical B&E isn't likely the same person looking to break into your accounts.

    Of course, with security there is almost always an inverse relation to convenience so at the very least I suggest people use the same atypical answers for the security questions. E.g.: What is your mother's maiden name? Ebola.
    I use open WiFi hotspots frequently so after the new Mac minis are introduced I'm going to see about setting up a VPN from my house so I can remotely connect my Mac and iPhone to secure local transmission when abroad.

    Would something like this be of use in a VPN configuration?
    Anonabox::Router that anonymises internet activity... Kickstarter

    http://kck.st/1sxMtQI

    +++ Also a big YES to false answers to recovery questions.... AND I use the secure notes of 1Password extensively for all kinds of information I need to collect.

    BTW: Thanks for the recent blog post link from Agile regarding this topic.
  • Reply 49 of 56
    SolipsismX wrote: »
    These are all solutions with pros and cons, and there are many other solutions, but suggesting not having a unique password per site/account is not one of them. As for remembering, why do that? Use a password manager.

    I actually think it's easier to remember the password for every site. I have a simple algorithm to produce a password:


    • At certain positions in the password, insert the length of the primary domain name and the first letter in it (like 13 and a for Appleinsider could be 1a3, at some point in the password). This is the only part that varies from site to site.

    • Think up a sentence that's easy to remember. Grab the first letter from each word and string them together. Then replace some with numbers and/or special characters. If needed for some sites, have a standard position to fulfill any unique password requirements. "The only thing we have to fear is fear itself" --> tOtWhTfiFi --> t0tWhTfif!

    • So the whole password could be a13t0tWhTfif! or t0tWhTfif!1a3 or... just decide on how they fit together. My wife and I have no trouble remembering passwords, and if I open a new account somewhere new, and she needs access, she can produce the password without us speaking about it.

     

    The password above shows something on the order of 100s of centuries to crack on random strength checkers.

  • Reply 50 of 56
    philboogie Posts: 7,675 member
    solipsismx wrote: »
    These are all solutions with pros and cons, and there are many other solutions, but suggesting not having a unique password per site/account is not one of them. As for remembering, why do that? Use a password manager.

    I actually think it's easier to remember the password for every site. I have a simple algorithm to produce a password:
    • At certain positions in the password, insert the length of the primary domain name and the first letter in it (like 13 and a for Appleinsider could be 1a3, at some point in the password). This is the only part that varies from site to site.
    • Think up a sentence that's easy to remember. Grab the first letter from each word and string them together. Then replace some with numbers and/or special characters. If needed for some sites, have a standard position to fulfill any unique password requirements. "The only thing we have to fear is fear itself" --> tOtWhTfiFi --> t0tWhTfif!
    • So the whole password could be a13t0tWhTfif! or t0tWhTfif!1a3 or... just decide on how they fit together. My wife and I have no trouble remembering passwords, and if I open a new account somewhere new, and she needs access, she can produce the password without us speaking about it.

    The password above shows something on the order of 100s of centuries to crack on random strength checkers.

    The sys admin over at Huddle is going to have a ball seeing which sites he can access with this info.
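
An added example, not written by any poster in this thread, of the objection raised in reply 50 to the scheme described in reply 49: when every password is a shared base plus a token computed from the site name, one password seen in plaintext gives away the rest. The token layout, the `.example` domains and all function names are assumptions made for the illustration; a randomly generated per-site password is shown beside it for comparison.

```python
import secrets
import string

BASE = "t0tWhTfif!"  # base string taken from the post's example sentence

def site_token(domain):
    # Assumed layout, after the post's "1a3": first letter of the primary
    # name placed after the first digit of the name's length.
    name = domain.lower().split(".")[0]  # assumption: first label is the name
    digits = str(len(name))
    return digits[0] + name[0] + digits[1:]

def scheme_password(domain, base=BASE):
    # Base first, site token last: one of the two layouts the post shows.
    return base + site_token(domain)

def random_password(length=20):
    # Independent per-site password, as a password manager would generate.
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

def exposed_sites(leaked_domain, leaked_password, vault):
    """Return the other sites in `vault` whose password follows from one leak.

    Models someone who saw one plaintext password and knows only the site
    it belongs to: strip that site's token, re-apply the token of each
    other site, and compare with what is actually stored.
    """
    token = site_token(leaked_domain)
    if not leaked_password.endswith(token):
        return []  # no recognisable site-derived suffix, nothing to reuse
    base = leaked_password[: -len(token)]
    return sorted(
        site for site, pw in vault.items()
        if site != leaked_domain and pw == base + site_token(site)
    )

# Constructed sample domains; none of these are from the thread.
SITES = ["forum.example", "bank.example", "mail.example"]
scheme_vault = {s: scheme_password(s) for s in SITES}
random_vault = {s: random_password() for s in SITES}

if __name__ == "__main__":
    leak = "forum.example"
    print("scheme:", exposed_sites(leak, scheme_vault[leak], scheme_vault))
    print("random:", exposed_sites(leak, random_vault[leak], random_vault))
```

The strength-checker estimate quoted in reply 49 rates one password in isolation; the comparison here is about how many accounts depend on the same secret.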
  • Reply 51 of 56
    PhilBoogie wrote: »
    The sys admin over at Huddle is going to have a ball seeing which sites he can access with this info.

    Ha!

    Good luck...

  • Reply 52 of 56
    philboogie Posts: 7,675 member
    Would something like this be of use in a VPN configuration?
    Anonabox::Router that anonymises internet activity... Kickstarter

    Accessing the Internet over TOR will make it very slow as far as my knowledge goes. It is an inherent result due to the sheer amount of routers, but perhaps @SolipsismX can elaborate (or refute) this.
  • Reply 53 of 56
    philboogie wrote: »
    Accessing the Internet over TOR will make it very slow as far as my knowledge goes. It is an inherent result due to the sheer amount of routers, but perhaps @SolipsismX can elaborate (or refute) this.

    No need to worry about the Anonabox TOR Router, it's been canceled amid controversy. Further reading at the Ars article.

    Note of interest though, is that these weren't just run-of-the-mill routers with TOR access as a bolt on function:
    Our board is custom and we have put a lot of work into it. If it were as easy as installing Tor on a regular router everyone could just do it with their current home devices now, but it takes a lot of system resources to make Tor run smoothly. You need at least 16mb flash memory (not ram) just for the Tor binaries themselves. Our current image is just over 10mb which will not fit on most routers you could find even at Best Buy unless you paid $300.

    There's some more links in the article if anyone wants to do this themselves with OS software.
  • Reply 54 of 56
    solipsismx Posts: 19,566 member
    philboogie wrote: »
    Accessing the Internet over TOR will make it very slow as far as my knowledge goes. It is an inherent result due to the sheer amount of routers, but perhaps @SolipsismX can elaborate (or refute) this.

    I haven't even heard of it.
  • Reply 55 of 56
    Marvin Posts: 15,310 moderator
    solipsismx wrote: »
    I use open WiFi hotspots frequently so after the new Mac minis are introduced I'm going to see about setting up a VPN from my house so I can remotely connect my Mac and iPhone to secure local transmission when abroad.

    There are instructions for setting up a VPN server on OS X and OS X Server here:

    http://www.techrepublic.com/blog/apple-in-the-enterprise/apple-os-x-server-how-to-configure-a-vpn-service/
    http://blog.macminicolo.net/post/67570761408/setup-a-vpn-server-with-mavericks-server-10-9

    Public paid VPN services tend to be more reliable and faster than free ones but being shared, they still tend to drop you off the network at random. The problem you have with relying on home internet is you often don't get a static IP. If you can get that from your ISP, you can setup your router to forward requests on to your OS X Server.

    Some routers seem to be able to do it but also need some configuration.

    That would be a pretty cool feature for Apple to implement in their Airport products and it might even be able to get round dynamic IPs using iCloud. When you connect the Airport to the router, there would just be a setting to start the VPN server with a passcode (they'd require a secure one because this gives external access to your internal network). When you are out and about, your iPhone can request to connect to your personal VPN, it would know the IP from iCloud and login. Not only can this give you a secure connection on public wifi but it can give you internal access to your home computers so you'd even be able to grab songs off iTunes or save files to/from the Mac.

    This is sort of what Back to My Mac does but I don't think it does the network routing part:

    http://support.apple.com/kb/HT4907?viewlocale=en_US&locale=en_US
  • Reply 56 of 56
    solipsismx Posts: 19,566 member
    Marvin wrote: »
    There are instructions for setting up a VPN server on OS X and OS X Server here:

    http://www.techrepublic.com/blog/apple-in-the-enterprise/apple-os-x-server-how-to-configure-a-vpn-service/
    http://blog.macminicolo.net/post/67570761408/setup-a-vpn-server-with-mavericks-server-10-9

    Public paid VPN services tend to be more reliable and faster than free ones but being shared, they still tend to drop you off the network at random. The problem you have with relying on home internet is you often don't get a static IP. If you can get that from your ISP, you can setup your router to forward requests on to your OS X Server.

    Some routers seem to be able to do it but also need some configuration.

    Thanks.
    That would be a pretty cool feature for Apple to implement in their Airport products and it might even be able to get round dynamic IPs using iCloud. When you connect the Airport to the router, there would just be a setting to start the VPN server with a passcode (they'd require a secure one because this gives external access to your internal network). When you are out and about, your iPhone can request to connect to your personal VPN, it would know the IP from iCloud and login. Not only can this give you a secure connection on public wifi but it can give you internal access to your home computers so you'd even be able to grab songs off iTunes or save files to/from the Mac.

    This is sort of what Back to My Mac does but I don't think it does the network routing part:

    http://support.apple.com/kb/HT4907?viewlocale=en_US&locale=en_US

    That would be great, and would help with their security and "we don't monitor you" marketing which could help sell more routers, even if you aren't a Mac user.