no trading = no wuala

Posted: October 27th, 2011 | Author: | Filed under: random | Tags: , , , , , , | No Comments »

I have been using wuala for almost two years now and have been quite happy with it. End of September the wuala team announced to discontinue one of their coolest features: trading storage. This means that wuala is now yet another online cloud storage service, with client-side encryption as their only competitive advantage.
Therefore I will quit using wuala as I do not want to spend money on online storage space. At the time of writing this blog post, I have around one year to make use of the ~180GB wuala storage I earned with trading storage, before I have to pay for this storage space.

In conclusion: major bummer that wuala is moving away from a P2P storage system towards a client-server paradigm – Have a look at other online storage services šŸ™

Dropbox Security: Dark Clouds on the Horizon at USENIX’11

Posted: June 22nd, 2011 | Author: | Filed under: research, security | Tags: , , , , , , , , | No Comments »

Back in March 2010 we started an investigation into online file storage services and Dropbox in particular. Sebastian and Manuel started to disassemble the Dropbox binary and in essence created an alternative client by patching its crypto libraries. In the months that followed we found a number of security flaws with Dropbox. In November 2010 we informed Dropbox about the security holes we found: unauthorized file access as well as a potential misuse of Dropbox for an unlimited online slackspace. It took Dropbox until April 2011 to respond to our findings. In the meantime a number of independent researchers found some of the security shortcomings we described (e.g. Christopher Soghoian’s blog entry).

Thus, we are more than happy to finally present our research at this year’s USENIX Security conference in San Francisco.

In addition to our findings Dropbox had a security glitch this week, whereas authentication without providing a valid password was possible for around 4h. In summary: One should be very careful which information is stored on Dropbox and Dropbox has to overhaul their service’s security.

Preprint of our paper, is available here: dropboxUSENIX2011.pdf

More information: SBA Research