Comments for ethicalhack3r

Comment on Hacking DECT by Organic Gardening Tips

Organic Gardening Tips — Sun, 05 Sep 2010 07:09:17 +0000

Finally a blog post that’s really worth reading. There’re particular things I disagree although haha. :)

Comment on My new Acer Aspire One by reduce belly fat

reduce belly fat — Fri, 03 Sep 2010 09:38:44 +0000

It is awesome to come across something worth looking at. Seems like everyone is starting a blog and tossing up whatever pops into their head. Most of the time it does not make good sense. I am pleased to see that is not the case here.

Comment on Using a web bug for information gathering by isaias

isaias — Wed, 01 Sep 2010 20:10:56 +0000

tiffani amber thiessen hairstyles

Comment on DropBox Security by Mr. Shiney

Mr. Shiney — Wed, 18 Aug 2010 01:49:04 +0000

This is an interesting look at the risks to drop-box. A warning about using TrueCrypt with dropbox — because of way drop-box works, only syncing the bits of a TC container that have changed, a person may be able to guess your TC secret key by capturing this changed data several times. Another warning about dropbox and danger of public file leaks: http://tgfblogged.blogspot.com/2010/06/dropbox-has-issue-with-way-it-handles.html

I think DB has some serious security concerns.

Comment on Defcon too far? Blackhat too expensive? No problem! by Isa Galapon

Isa Galapon — Fri, 06 Aug 2010 15:35:48 +0000

Yeah, burn an Ubuntu Live CD and run the installer on boot. When it comes to the partitioning step just put that you want to erase the harddrive and install Ubuntu.

Comment on DropBox Security by admin

admin — Tue, 03 Aug 2010 14:35:18 +0000

@pento
There may be some web application vulnerabilities from the OWASP Top 10 that affect the DropBox site. But looking for these intentionally without permission may be considered unethical.

@Andrew
Great idea!

@Marc
I wrote a quick Python script to brute force the Public folder file names. So far I have only found a couple of index.html files, nothing too interesting, but with more time and refinement I’m sure something would pop up. Of course this is ethical and legal as DropBox state that the information in users Public files are, well, public.

Comment on DropBox Security by Marc Ruef

Marc Ruef — Tue, 03 Aug 2010 14:05:31 +0000

Hello,

Nice article! Especially the guessing of public folder names is going to be interesting. I think in a few days/weeks someone is coming up with a crawler …

Regards,

Marc

Comment on DropBox Security by Andrew Waite

Andrew Waite — Tue, 03 Aug 2010 13:29:10 +0000

Nice write-up.

For the overly paranoid (like me), turn your DropBox folder into a TrueCrypt container and store your files in there. This way if someone (DropBox employee or third party) does gain access to your account they still can’t access your actual data without either breaking the crypto or gaining your (hopefully complex) TrueCrypt password. Of course if they’ve compromised your machine and installed keylogger your still in trouble; but as you say, you’ve probably got bigger problems.

–Andrew

P.S. thanks to @baconzombie for suggesting the combination to me a while back.

Comment on DropBox Security by Pento

Pento — Tue, 03 Aug 2010 12:52:51 +0000

Most of items are looks like farfetched.
But idea to review Dropbox security controls is really interesting. You also forget that Dropbox as usual webapp may have something from OWASP Top 10 like xss =)

Comment on Glastopf – Web Application Honeypot by Panix

Panix — Fri, 23 Jul 2010 23:43:22 +0000

Oh yeah, the web interface for glastopf (GlasIF) is pretty sweet as well. Make sure you log to a MySQL database! :)