http://www.giveawayoftheday.com/forums/tags/security Giveaway of the Day Forums » Tag: security - Recent Posts en-US Sun, 12 Feb 2012 15:23:16 +0000 http://bbpress.org/?v=1.0.2 http://www.giveawayoftheday.com/forums/topic/10483#post-95776 Wed, 05 Oct 2011 00:00:50 +0000 Dragonlair 95776@http://www.giveawayoftheday.com/forums/ <p>I agree - bringing it out in the open is a great incentive for them to fix them fast. I think some HIDE in their support forums.</p> <p>Is the AVG one (Sandlot game Glyph) the third Active FP? </p> http://www.giveawayoftheday.com/forums/topic/10483#post-95774 Tue, 04 Oct 2011 23:53:02 +0000 jcollake 95774@http://www.giveawayoftheday.com/forums/ <p>During our first week we had 3 REAL TIME false positives reported. <strong>2 of those 3 were fixed ON OUR FORUM by representatives of the security companies (Symantec and Trend). </strong>Kudos to them! </p> http://www.giveawayoftheday.com/forums/topic/10483#post-95742 Sun, 02 Oct 2011 22:59:02 +0000 jcollake 95742@http://www.giveawayoftheday.com/forums/ <p>SIX security companies are monitoring the new site, some more officially and publicly than others. Some are showing us they care it seems. I am glad to see this. Just a quick update. </p> http://www.giveawayoftheday.com/forums/topic/10483#post-95733 Sun, 02 Oct 2011 19:48:40 +0000 Robert 95733@http://www.giveawayoftheday.com/forums/ <p>Unfortunately alongside the false positives issue,application monitoring tools ,which are getting better all the time, can do much harm too.<br /> The good thing is they monitor every little detail running a setup ,for instance if a program is not digitally signed (or if some files are not yet included in their cloud database)<br /> The bad thing is they can ask you some awkward questions and leave the end user somewhat bewildered (now why would that program be monitoring my keystrokes [cfr.delenn13],use regsvr32 or DNS API etc...) So they could stop the user from actually installing a program and make him even spread negative comments about it ,doing as much harm to a dev as a false antivirus positive. </p> http://www.giveawayoftheday.com/forums/topic/10483#post-95730 Sun, 02 Oct 2011 18:53:32 +0000 delenn13 95730@http://www.giveawayoftheday.com/forums/ <p>The users NEED to be educated as to what their security does and how their security works. When I installed the latest update to my WinPatrol, I think I had 5 alerts. I read what it was doing and allowed it. No sweat! If I install a game, I know a key logger alert of some kind is gonna come up because the game HAS to use your mouse/keyboard to play. Not allowing a program to be installed at all and deleting it is way above the call of what I would think a security program is supposed to do. </p> <p>This is a copy of what I <strong>TRIED</strong>to post on the Software comment page. It just disappeared. :( And I was really good and didn&#39;t blast Norton..I promise. Though it was tempting.(I just realized #17 is was using a proxy..oops.)</p> <p><strong>Thank you, all powerful Mod. It finally posted.</strong> </p> <p>&quot;#14 &amp; #17 please go here <a href="http://falsepositivereport.com" rel="nofollow">http://falsepositivereport.com</a> to report your False Positives with your security programs. The GOTD staff vigorously test each program they offer. It is not a virus nor malware.</p> <p>About The False Positive Report:</p> <p>“This is a new effort to help slow (and expose) the plague of false positives and mis-rated web sites that are destroying hundreds or thousands of small businesses every year. Some security companies do better than others, but never before has there been a place where false positives and mis-rated sites can be publicly reported. The security companies can then respond, fix the issue, then determine why it happened and work with the vendor to avoid it in the future. After all, once a false positive happens, the damage is already done.</p> <p>The intent is not to crucify the security industry, I hope everyone understands that. Each company is different and unique. Transparency allows us to see which act responsibly, and which don’t. Users can see which security companies CARE about false positives and the collateral damage to hundreds or thousands of innocent small businesses. Accountability is important to fixing this issue.</p> <p>GENERAL USERS: Until we get the ball rolling, tell these security companies you want to know their false positive rates, and how they handle such occurrences when they do happen.”</p> <p>There is a thread in the GOTD forum: Helping to prevent false positives and mis-rating of web sites « Giveaway of the Day Forums – <a href="http://www.giveawayoftheday.com/forums/topic/10483" rel="nofollow">http://www.giveawayoftheday.com/forums/topic/10483</a></p> <p>If you want to continue to use Norton or Outpost, then help them become a better security product.</p> <p>As far as the program, downloaded and installed with no problems with MSSE. I have 3 PC’s I bounce files back and forth with changes. This will help so much. Thank you GOTD and Salty Brine Software for the chance to try out this software.&quot; </p> http://www.giveawayoftheday.com/forums/topic/10483#post-95701 Sun, 02 Oct 2011 00:50:37 +0000 delenn13 95701@http://www.giveawayoftheday.com/forums/ <p>This is good news. I have a few other places to email/blog/post the info to. Just been a bit busy. </p> http://www.giveawayoftheday.com/forums/topic/10483#post-95618 Thu, 29 Sep 2011 02:31:47 +0000 jcollake 95618@http://www.giveawayoftheday.com/forums/ <p>The site has already improved an ORDER OF MAGNITUDE.</p> <p>FIVE different security vendors are MONITORING the site.</p> <p>This is growing beyond belief ;). Rarely do we have a chance to change an injustice in this world. Here we do -- so let&#39;s do it!</p> <p><a href="http://falsepositivereport.com" rel="nofollow">http://falsepositivereport.com</a> </p> http://www.giveawayoftheday.com/forums/topic/10483#post-95564 Tue, 27 Sep 2011 17:39:19 +0000 jcollake 95564@http://www.giveawayoftheday.com/forums/ <p><a href="http://falsepositivereport.com" rel="nofollow">http://falsepositivereport.com</a></p> <p>Although I&#39;ve said it before, I am very appreciative to see such strong support of this new effort. </p> <p>First, I am glad to see that users understand that Accountability and Transparency is so important to fixing this plague upon small software vendors and web sites. Simply retroactively fixing false positives and mis-ratings is not good enough - though many companies don&#39;t even bother fixing these things in a timely manner. Nobody expects *perfection*, but we do expect that many of these companies try harder to AVOID these problems to start with, and fix them expediently when they do occur.</p> <p>That said, there ARE responsible companies. One is Microsoft. They take the conservative approach. That is why they have one of the lowest FP rates in the industry (if not THE lowest). This does lower their detection rate a little, but in reality, your effective level of protection is hardly lessened.</p> <p>This is not a project I can do alone, so I am trying to hand it off to the community to run. For instance, the forum was set up by a volunteer. I have appointed a manager and public relations volunteer as well. Of course, I still contribute every day.</p> <p>The site has a long way to go, but it is important we continue to spread this message. A CENTRAL repository shows how bad this problem is.</p> <p>Several companies have given me &#39;direct lines&#39; to report any problems, so we are getting places fast. However, the idea is not to fix everyone&#39;s FPs for them, it is to PREVENT them from happening to start with... and to make vendors come to our site, instead of putting already victimized people through h*ll to report a FP or misrating.</p> <p>Let us, as a community, finally make a stand! Let us base our purchasing decision on the vendors that cause the LEAST collateral damage by having the lowest FP rates. Fixing them expediently is important too, but avoidance is critical, as once a FP or site mis-rate happens, the damage is ALREADY done.</p> <p>I think if the general public knew what we software vendors, site owners, and users have been put through there would be an uproar! </p> <p>As the site grows, we can also collect STATISTICS, showing who causes the least collateral damage to innocent software vendors and site owners.</p> <p><strong>The true irony is that these super-aggressive tactics do little to deter malware, else there wouldn&#39;t be such a huge malware problem!</strong></p> <p>NOTE: To prevent any and all conflicts of interests, note that I do not link to my site or use my company name anywhere. This is a non-profit site promoting NOTHING but exposure of this plague!</p> <p>Thank you all ;).</p> <p><a href="http://falsepositivereport.com" rel="nofollow">http://falsepositivereport.com</a> </p> http://www.giveawayoftheday.com/forums/topic/10483#post-95524 Mon, 26 Sep 2011 17:14:33 +0000 Dragonlair 95524@http://www.giveawayoftheday.com/forums/ <p>I posted on the Avira forums that I had 36 false positives in a little over 2 years. I wanted to know if it was &quot;normal&quot; or am I being hit more often than usual. Nobody would answer the question. I currently have 2 files on my exception lists because Avira insists that a small Microsoft file that is used by HP and was installed WITH my machine is malware. I had Avira for more than 2 years before it even noticed it. Why would a file - untouched - suddenly be &quot;definitely&quot; malware after that long? </p> http://www.giveawayoftheday.com/forums/topic/10483#post-95522 Mon, 26 Sep 2011 16:40:04 +0000 mikiem2 95522@http://www.giveawayoftheday.com/forums/ <p>Just a guess, but it seems like a public awareness/education effort or focus might help... as long as there are people rating their AV software on the number of alarms it gives off, AV publishers have zero incentive to mend their ways. IOW sort of a big, flashy, did you know AV software false positives are bad, costing you X number of hours &amp; Y number of dollars? Once the public sees why it&#39;s bad, direct them on what they can do to get it fixed. I mean most people aren&#39;t very sympathetic to the plight of some anonymous developer, because that has no effect that they can see on the stuff they feel is important -- once it hits home that they paid more for the software *They* use, or some feature they&#39;d love to have has been sidelined directly or indirectly because of AV false positives, they might be more than eager to do something about it, help in any way they can. </p> http://www.giveawayoftheday.com/forums/topic/10483#post-95521 Mon, 26 Sep 2011 16:29:46 +0000 Dragonlair 95521@http://www.giveawayoftheday.com/forums/ <p>Bubby, It&#39;s not the file NAME, but the file name STRUCTURE that&#39;s the problem. Avira seems to have a problem handling &quot;double extension&quot; file names and I have no idea why. Only the last extension (.exe) is important in this case so why does it matter that it&#39;s always named &lt;gamename&gt;.wrp.exe where &lt;gamename&gt; is the name of the game being executed.</p> <p>When I reported the first file of this structure, they kept saying it will be fixed in the next update and then FINALLY (after about a month) told me it took an engine update, not a definition update to fix the problem. If that&#39;s the case, then why is that extension structure still causing problems? </p> http://www.giveawayoftheday.com/forums/topic/10483#post-95518 Mon, 26 Sep 2011 14:57:50 +0000 BuBBy 95518@http://www.giveawayoftheday.com/forums/ <p>Don&#39;t accept any excuse from your Antivirus company that bases their detection only on the filename. </p> <p>I&#39;ve seen a few in the past when the only trigger that caused the antivirus software to announce the file was infected is that it had the SAME FILENAME as another known infected file that the AV company tested against. That is just lazy. </p> http://www.giveawayoftheday.com/forums/topic/10483#post-95496 Sun, 25 Sep 2011 21:33:43 +0000 Dragonlair 95496@http://www.giveawayoftheday.com/forums/ <p>Thanks for this new site. I&#39;ve joined. The timing is perfect since I&#39;m fighting a type of False Positive that can take a month or more to fix based on the last time I had a file with this naming structure in a case like this.</p> <p>It&#39;s a great way to let off steam when you&#39;re getting the runaround from your anti-virus and help out others at the same time! </p> http://www.giveawayoftheday.com/forums/topic/10483#post-95484 Sun, 25 Sep 2011 16:40:55 +0000 Inas 95484@http://www.giveawayoftheday.com/forums/ <p>nice site, Mr. Collake, thank you. </p> http://www.giveawayoftheday.com/forums/topic/10483#post-95481 Sun, 25 Sep 2011 16:03:32 +0000 jcollake 95481@http://www.giveawayoftheday.com/forums/ <p>Thanks for the links ;).</p> <p>This site is now: <strong>The False Positive Report</strong></p> <p><a href="http://falsepositivereport.com" rel="nofollow">http://falsepositivereport.com</a></p> <p>And thanks all for your continued support, well wishes, and assistance. It is YOU who will help this to succeed, or not. I hope we can really make a difference in the world, and save innocent businesses. </p> http://www.giveawayoftheday.com/forums/topic/10483#post-95471 Sun, 25 Sep 2011 09:16:21 +0000 hotdoge3 95471@http://www.giveawayoftheday.com/forums/ <p><a href="http://www.freeware-guide.com/FalsePositives.html" rel="nofollow">http://www.freeware-guide.com/FalsePositives.html</a></p> <p><a href="http://www.nirsoft.net/false_positive_report.html" rel="nofollow">http://www.nirsoft.net/false_positive_report.html</a></p> <p><a href="http://nsis.sourceforge.net/NSIS_False_Positives" rel="nofollow">http://nsis.sourceforge.net/NSIS_False_Positives</a></p> <p><a href="http://www.pcmag.com/article2/0,2817,2371197,00.asp" rel="nofollow">http://www.pcmag.com/article2/0,2817,2371197,00.asp</a></p> <p><a href="http://www.av-comparatives.org/en/comparativesreviews/false-alarm-tests" rel="nofollow">http://www.av-comparatives.org/en/comparativesreviews/false-alarm-tests</a> </p> http://www.giveawayoftheday.com/forums/topic/10483#post-95457 Sun, 25 Sep 2011 01:47:31 +0000 delenn13 95457@http://www.giveawayoftheday.com/forums/ <p><strong>UPDATE:</strong> Site is up and running. <a href="http://FalsePositiveReport.com" rel="nofollow">http://FalsePositiveReport.com</a></p> <p>And The DonationCoder Newsletter made mention of this project: <a href="http://www.donationcoder.com/forum/index.php?topic=28149.0" rel="nofollow">http://www.donationcoder.com/forum/index.php?topic=28149.0</a></p> <p>Spread the word! </p> http://www.giveawayoftheday.com/forums/topic/10483#post-95429 Sat, 24 Sep 2011 10:41:07 +0000 graylox 95429@http://www.giveawayoftheday.com/forums/ <p>Thank you <strong>Delenn</strong> for sharing this news. </p> <p><strong>Jeremy Collake</strong> you deserve a lot of appreciation for all your dedicated work.<br /> This board is only the latest of your courageous steps to call attention to deplorable customs and circumstances.</p> <p>As BuBBy says, <em>&quot;there is an issue of user education&quot;</em> and insight, we notice that every day here in the comments and forums and we are not always successful, to persuade the user that his find is not malware. </p> <p>Thank you Jeremy and good luck!</p> <p>graylox </p> http://www.giveawayoftheday.com/forums/topic/10483#post-95428 Sat, 24 Sep 2011 09:58:42 +0000 BuBBy 95428@http://www.giveawayoftheday.com/forums/ <p>Well I see enough reports of &quot;My antivirus tells me GOTD has a Virus&quot; - and over the years.</p> <p>Not only is it up to the security companies to act responsibly, but there is an issue of user education. AntiVirus products do report false positives (some more than others). Users need to be taught that Security software isn&#39;t always correct - and when users run off to other sites to announce that company X is distributing viruses and telling everyone they can - it causes even more damage. <strong>The first point of resolution should be with the software developer and awaiting confirmation from the antivirus developers.</strong></p> <p>One example that comes to mind, in the past we have given away utility software that makes use of global keyboard hooks (to support hotkey functionality) - and antivirus software announces that the software has a keylogger. Then users post in the comments and WOT based on the incorrect/unclear report from the AV software. (I&#39;m assuming they need to post to warn &quot;all the other users&quot; who never run antivirus software).</p> <p>Too much damage can be done by inexperienced users broadcasting across the internet incorrect or incomplete information. So there are two sides to the problem - unclear or misleading information from AV software presented to non-technical users (who then report to the world that a company/site cannot be trusted), and the AV companies who take forever to address this or correct their definition files - to address all of the unwarranted bad press. </p> http://www.giveawayoftheday.com/forums/topic/10483#post-95426 Sat, 24 Sep 2011 02:52:03 +0000 jcollake 95426@http://www.giveawayoftheday.com/forums/ <p>Yes, thank you for helping to spread the word. Transparency and public accountability will let consumers know which security companies are *trying* and which companies are NOT. Then they can make informed decisions about which security software products they&#39;d like to purchase.</p> <p>As always, the power is in the hands of the consumer. Choose carefully who you spend your money with and you can force these corporations to act ethically and responsibly.</p> <p>BTW, since I have contacts at almost every security company now (due to me authoring an EXE packer), they have ALL been informed of this. Some have expressed a willingness to participate. Others have not responded. But, they are ALL watching. Point is: NOW is the chance to be heard!! </p> http://www.giveawayoftheday.com/forums/topic/10483#post-95425 Sat, 24 Sep 2011 02:41:06 +0000 BuBBy 95425@http://www.giveawayoftheday.com/forums/ <p>Thanks for posting this!</p> <p>Sounds like an obvious idea that should&#39;ve happened years ago.<br /> Hopefully this will get the support it deserves. </p> http://www.giveawayoftheday.com/forums/topic/10483#post-95423 Sat, 24 Sep 2011 01:36:41 +0000 delenn13 95423@http://www.giveawayoftheday.com/forums/ <p>Remember Jeremy Collake, the developer of Process Lasso <a href="http://bitsum.com/?" rel="nofollow">http://bitsum.com/?</a> Well, I am following him on Google +(Thanks to Robert)and he has the most awesomest idea. He is creating a board <a href="http://bitsum.net/forum/index.php/topic,915.msg4409.html#msg4409" rel="nofollow">http://bitsum.net/forum/index.php/topic,915.msg4409.html#msg4409</a> to monitor false positives and how and if security vendors handle them. </p> <p>How many times has a new update rendered a program you have had on your PC for months/years useless because of false positives? Or the false positives we hear about on the giveaways? </p> <p>&quot;<em>The purpose of this board is to provide a public place to communicate false positives and improper site ratings to the security companies. Once a false positive or improper site rating occurs, the damage is often already done. Compounding matters, some security companies do not respond to false positive or improper rating reports in a timely manner, if they respond at all. In other cases, they DO respond in a timely manner. We need to know which companies respond well, and which don&#39;t seem to care. Some less than legitimate security companies may even use false positives as a means to drum up business, as to users it may appear as if they detected something that other software missed.......</p> <p>The intent is not to crucify the security industry, I hope everyone understands that. Each company is different and unique. Transparency allows us to see which act responsibly, and which don&#39;t. Users can see which security companies CARE about false positives and <strong>the collateral damage to hundreds or thousands of innocent small businesses.</strong> Accountability is important to fixing this issue.</p> <p><strong>GENERAL USERS:</strong> Until we get the ball rolling, tell these security companies you want to know their false positive rates, and how they handle such occurrences when they do happen.</p> <p><strong>VENDORS:</strong> Post here what you think as well. It is important they know how frustrated we all are.</p> <p>-----<br /> <strong>THIS WILL BE MOVED TO A DEDICATED DOMAIN SOON, BUT POSTS AND ACCOUNTS WILL BE PRESERVED</strong>&quot;</em></p> <p>Just thought someone might be interested. </p> http://www.giveawayoftheday.com/forums/topic/9747#post-92187 Thu, 23 Jun 2011 10:23:46 +0000 hotdoge3 92187@http://www.giveawayoftheday.com/forums/ <p><a href="http://www.h-online.com/security/news/item/Dropbox-left-login-door-open-for-4-hours-1264195.html" rel="nofollow">http://www.h-online.com/security/news/item/Dropbox-left-login-door-open-for-4-hours-1264195.html</a></p> <p>Dropbox left login door open for 4 hours</p> <p>Dropbox has admitted that an erroneous code update on Sunday 19 June allowed logins without authentication and allowed users to access files held by other users of the file synchronisation service. This occurred at 9:54PM UK time and the error went undetected for just under four hours until Dropbox discovered it (at 1:41AM); a fix was deployed in five minutes and all logged in sessions were dropped. </p> http://www.giveawayoftheday.com/forums/topic/9855#post-91572 Mon, 06 Jun 2011 04:16:54 +0000 Idunnobutiwastold 91572@http://www.giveawayoftheday.com/forums/ <p>Thanks, Hotdoge. :) </p> http://www.giveawayoftheday.com/forums/topic/9855#post-91571 Mon, 06 Jun 2011 04:13:04 +0000 hotdoge3 91571@http://www.giveawayoftheday.com/forums/ <p><a href="http://www.comodo.com/products/comodo-products.php" rel="nofollow">http://www.comodo.com/products/comodo-products.php</a></p> <p>look on the L.H.S. click on Learn more Free Products</p> <p>Comodo Internet Security Pro 2011 (Try Pro FREE for 1 year!) may be good to get ?</p> <p> Wi-Fi Protection<br /> Live Expert help<br /> Firewall Protection<br /> Antivirus Software </p> http://www.giveawayoftheday.com/forums/topic/9747#post-91501 Fri, 03 Jun 2011 11:26:34 +0000 Robert 91501@http://www.giveawayoftheday.com/forums/ <p>The Dropbox story continued...</p> <p>Just found this interesting article in my mailbox, written by Woody Leonhard on the Windows Secrets webpage:</p> <p><a href="http://windowssecrets.com/top-story/re-examining-dropbox-and-its-alternatives/">Re-examining Dropbox and its alternatives</a></p> <p>Some excerpts:<br /> <blockquote>You may find those(TOS) terms chilling, but Dropbox does make a compelling <strong>argument in its favor</strong> by <a href="http://windowssecrets.com/links/$P20d/704896h/?url=dl.dropbox.com%2Fu%2F27409013%2FPrivacy%2FPrivacy%2520Policy%2520Comparison.jpg">comparing</a> its Privacy Policy with those of Apple, Google, Skype, and Twitter. Apple and Google store data online and have similarly broad-reaching policies. Skype and Twitter aren’t quite so broad, fitting the nature of their service.</blockquote></p> <p><blockquote><strong>Depending on your level of security comfort (or paranoia), you have four possible choices if you want to synchronize data in the cloud:</strong></p> <p>You can use Dropbox, realizing that the staff of Dropbox has the capability to read your data and send it to duly constituted authorities in some jurisdiction or another. If you understand the situation and it doesn’t bother you, more power to ya!</p> <p>You can encrypt your data before Dropbox gets it. The people at Dropbox recommend TrueCrypt, which runs on Windows, Mac OS X, and Linux. In general, all you have to do is put a TrueCrypt-encrypted file inside your Dropbox folder and change one setting on the TrueCrypt file. Dropbox has a forum thread that describes the approach and some of its problems. Suffice it to say that most people find it works easily. The major downside? It doesn’t work on mobile devices, and file uploads and downloads might take longer.</p> <p>You can use one of the integrated Dropbox third-party routines that perform encryption and decryption. At this moment, <a href="http://windowssecrets.com/links/$P20d/618c1fh/?url=getsecretsync.com%2Fss%2F">SecretSync</a> and <a href="http://www.boxcryptor.com/">BoxCryptor</a> are the best-known representatives of the genre. Both work with the Dropbox API and allow you to encrypt and decrypt the data with your own keys. Dropbox still encrypts the files (a second time), but should the occasion ever arise where Dropbox or some nefarious person uses the Dropbox key, the resulting file will still be scrambled — and you’re the only one with the key. </blockquote></p> <p>Please do read the full story on windowssecrets.com.(and maybe vote for it)</p> <p>So...YEAH ,still sticking with my <strong>Dropbox</strong>...with and without secondary encryption :) </p> http://www.giveawayoftheday.com/forums/topic/9747#post-91077 Thu, 19 May 2011 10:42:39 +0000 hotdoge3 91077@http://www.giveawayoftheday.com/forums/ <p><a href="http://dereknewton.com/2011/04/dropbox-authentication-static-host-ids/" rel="nofollow">http://dereknewton.com/2011/04/dropbox-authentication-static-host-ids/</a></p> <p>Under Windows, Dropbox stores configuration data, file/directory listings, hashes, etc in a number of SQLite database files located in %APPDATA%\Dropbox. We’re going to focus on the primary database relating to the client configuration: config.db. Opening config.db with your favorite SQLite DB tool will show you that there is only one table contained in the database (config) with a number of rows, which the Dropbox client references to get its settings. I’m going to focus on the following rows of interest:<br /> email: this is the account holder’s email address. Surprisingly, this does not appear to be used as part of the authentication process and can be changed to any value (formatted like an email address) without any ill-effects.<br /> dropbox_path: defines where the root of Dropbox’s synchronized folder is on the system that the client is running on.<br /> host_id: assigned to the system after initial authentication is performed, post-install. Does not appear to change over time.<br /> After some testing (modification of data within the config table, etc) it became clear that the Dropbox client uses only the host_id to authenticate. Here’s the problem: the config.db file is completely portable and is *not* tied to the system in any way. This means that if you gain access to a person’s config.db file (or just the host_id), you gain complete access to the person’s Dropbox </p> http://www.giveawayoftheday.com/forums/topic/9747#post-91039 Wed, 18 May 2011 03:01:07 +0000 hotdoge3 91039@http://www.giveawayoftheday.com/forums/ <p><a href="http://www.zdnet.com/blog/igeneration/dropbox-deceived-users-over-security-files-are-open-to-government-searches/9959" rel="nofollow">http://www.zdnet.com/blog/igeneration/dropbox-deceived-users-over-security-files-are-open-to-government-searches/9959</a></p> <p>Data held in Dropbox was and still us vulnerable to inspection by U.S. authorities.<br /> You shouldn’t use Dropbox if you have something to hide.<br /> Dropbox, one of the favourite cloud synchronisation services available for free, ‘deceived’ its users about the security and encryption of its cloud storage services.</p> <p><a href="http://www.theregister.co.uk/2011/05/16/dropbox_ftc_not_good_enough/" rel="nofollow">http://www.theregister.co.uk/2011/05/16/dropbox_ftc_not_good_enough/</a></p> <p>&quot;Dropbox&#39;s customers face an increased risk of data breach and identity theft because their data is not encrypted according to industry best practices,&quot; </p> http://www.giveawayoftheday.com/forums/topic/9747#post-91035 Tue, 17 May 2011 23:45:24 +0000 graylox 91035@http://www.giveawayoftheday.com/forums/ <p>Well, &quot;the authorities&quot; are not the biggest threat in our part of the world (at least that&#39;s what I hope) but that&#39;s different in other countries.<br /> What I understood from these articles is the fact, that others as well could have access to the users&#39; data, because the employees could decipher the passwords.<br /> I have read elsewhere, that most security breaches are not caused by hackers but by employees.</p> <p>graylox </p> http://www.giveawayoftheday.com/forums/topic/9747#post-91034 Tue, 17 May 2011 23:07:23 +0000 Robert 91034@http://www.giveawayoftheday.com/forums/ <p>Thanks Graylox.. some mighty interesting and educating stuff to read.</p> <p>Still ,I&#39;m quite happy with the Dropbox facilities... even with the new TOS and its &#39;file deduplication&#39;.</p> <p>Looks more like a craze trying to discredit Dropbox.</p> <p>Anyway:</p> <p><blockquote>about government data requests...<br /> Just so you know, we don’t get very many of those requests — about one a month over the past year for our more than 25 million users. That’s fewer than one in a million accounts.</blockquote><br /> -</p> <p>I think most people can live with that.What do we have to hide anyway... :)</p> <p>Then again I&#39;m not talking companies and data mining by non authorized personnel. </p>