Via
CRYPTO-GRAM

                 June 15, 2011

               by Bruce Schneier

I haven't written about Dropbox's security problems; too busy with the=20
book.  But here's an excellent summary article from The Economist.
http://www.economist.com/blogs/babbage/2011/05/internet_security
The meta-issue is pretty simple.  If you expect a cloud provider to do=20
anything more interesting than simply store your files for you and give=20
them back to you at a later date, they are going to have to have access=20
to the plaintext.  For most people -- Gmail users, Google Docs users,=20
Flickr users, and so on -- that's fine.  For some people, it isn't.=20
Those people should probably encrypt their files themselves before=20
sending them into the cloud.
Another security issue with Dropbox:
http://dereknewton.com/2011/04/dropbox-authentication-static-host-ids/

--=20
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist
.