Dropbox disables old shared links after tax returns turn up on Google.

  • Dropbox disabled access to previously created shared links of certain documents after finding that some users' sensitive files were exposed through Google AdWords campaigns.

    • The flaw also affects Box and impacts shared files with hyperlinks.
    • Shared links are accessible only to people who have the link, but a link can be inadvertently disclosed in specific scenarios, such as when a user shares a document that contains a hyperlink and someone clicks on that hyperlink, which discloses the original shared link.
  • File-sharing company IntraLinks discovered the flaw while purchasing ads. It gained access to confidential files including tax returns, bank records, etc.
  • Box will issue a statement on the weakness soon.
  • Documents can be scooped up by advertising servers when users paste shared links into a search engine box. Security expert Graham Cluley recommended Box users change shared link security settings.
  • This isn't the first time shared links came under security scrutiny. In 2011, researchers could access shared files by guessing URLs.
  • Update: Box provided a statement saying secure content sharing is core to them and they provide various options for sharing. A Box spokesperson added that they haven't noticed abuse but are exploring ways to limit exposure and recommend using permission settings.
  • Dropbox disabled access to previously shared links and patched the vulnerability for all future shared links. Dropbox for Business customers can restrict shared link access to team members.
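
The hyperlink scenario in the list above, modelled as an added example (not code from Dropbox, Box or the original article). It assumes the link is disclosed through the browser's `Referer` header, which the summary does not name, and shows which `Referrer-Policy` values keep a share URL's secret path away from the clicked site. Host names, the token and all function names are constructed for illustration.

```javascript
// Simplified model of how a browser picks the Referer for a clicked link.
// "Downgrade" is approximated as https -> non-https (an assumption).

// Browsers drop credentials and the fragment before sending a Referer.
function stripForReferrer(url, originOnly) {
  const u = new URL(url);
  u.username = "";
  u.password = "";
  u.hash = "";
  return originOnly ? u.origin + "/" : u.href;
}

// Returns the Referer value sent to targetUrl, or null when none is sent.
function refererSent(policy, documentUrl, targetUrl) {
  const from = new URL(documentUrl);
  const to = new URL(targetUrl);
  const sameOrigin = from.origin === to.origin;
  const downgrade = from.protocol === "https:" && to.protocol !== "https:";
  const full = stripForReferrer(documentUrl, false);
  const originOnly = stripForReferrer(documentUrl, true);
  switch (policy) {
    case "no-referrer": return null;
    case "unsafe-url": return full;
    case "origin": return originOnly;
    case "same-origin": return sameOrigin ? full : null;
    case "strict-origin": return downgrade ? null : originOnly;
    // Legacy browser default: full URL unless the click downgrades to http.
    case "no-referrer-when-downgrade": return downgrade ? null : full;
    case "origin-when-cross-origin": return sameOrigin ? full : originOnly;
    case "strict-origin-when-cross-origin":
      return sameOrigin ? full : (downgrade ? null : originOnly);
    default: throw new Error("unknown policy: " + policy);
  }
}

// True when the Referer would hand the secret share token to the target site.
function leaksToken(policy, documentUrl, targetUrl, token) {
  const ref = refererSent(policy, documentUrl, targetUrl);
  return ref !== null && ref.includes(token);
}

// Constructed sample values, not real share links.
const TOKEN = "CONSTRUCTED-TOKEN-123";
const SHARE = "https://files.example/s/" + TOKEN + "/tax-return.pdf";
const THIRD_PARTY = "https://ads.example/landing";
for (const p of ["no-referrer-when-downgrade", "origin", "no-referrer"]) {
  console.log(p.padEnd(28), "leaks token:", leaksToken(p, SHARE, THIRD_PARTY, TOKEN));
}
```

A file-sharing service can apply the same check to the policy its preview pages send, and a site receiving traffic can use `leaksToken`-style matching to spot share URLs arriving in its referrer logs.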