Dropbox Security: Dark Clouds on the Horizon at USENIX’11

Posted: June 22nd, 2011 | Filed under: research, security

Back in March 2010 we started an investigation into online file storage services and Dropbox in particular. Sebastian and Manuel started to disassemble the Dropbox binary and in essence created an alternative client by patching its crypto libraries. In the months that followed we found a number of security flaws with Dropbox. In November 2010 we informed Dropbox about the security holes we found: unauthorized file access as well as a potential misuse of Dropbox for an unlimited online slackspace. It took Dropbox until April 2011 to respond to our findings. In the meantime a number of independent researchers found some of the security shortcomings we described (e.g. Christopher Soghoian’s blog entry).

Thus, we are more than happy to finally present our research at this year’s USENIX Security conference in San Francisco.

In addition to our findings, Dropbox had a security glitch this week, during which authentication without providing a valid password was possible for around 4h. In summary: one should be very careful about which information is stored on Dropbox, and Dropbox has to overhaul their service’s security.

A preprint of our paper is available here: dropboxUSENIX2011.pdf

More information: SBA Research


New publications coming up soon …

Posted: February 25th, 2010 | Filed under: research, security, tor

Our publications have been accepted at the IFIP CMS’2010 and the SEC 2010 conference. I will publish preprints soon.


PASSAT-09 in Vancouver

Posted: August 29th, 2009 | Filed under: ASE, PASSAT-09, research, security

Just arrived yesterday in Vancouver. The PASSAT-09 conference is quite nice so far and I gave my presentation today (“con mucha mierda” – Javier). I’m still tired from the trip and will hopefully post some pictures from Canada soon.
Update: The conference was great and I met some interesting people. Below are some snapshots from my Vancouver sightseeing. 🙂

Sculptures near the harbour

Vancouver harbourfront

Stanley Park

Skyline from hotel room

HAR09 – It was super awesome

Posted: August 17th, 2009 | Filed under: har09, random, research, security
KUDOS to the HAR09 orga-team!
HAR09 Peter Kleissner – stoned bootkit

HAR09 computer robot at night

HAR09 Metalab glow sticks helium balloons

HAR09 Metalab linux server projected

HAR09 – some more pictures

Posted: August 14th, 2009 | Filed under: har09, random, research, security
HAR09 tent

HAR09 amazing electro set

HAR09 Disco mirror ball in the forest

HAR09 Freedom not fear

HAR09 camp

HAR09 Camp at night

HAR09 lounge unicorn