Attackers can access Dropbox, Google Drive, OneDrive files without PW.

Page 1 of 3 123 LastLast
    Attackers can access Dropbox, Google Drive, OneDrive files without PW.

    Attackers can access Dropbox, Google Drive, OneDrive files without PW.


    Hackers don't even need your password anymore to get access to your cloud data.

    Newly published research, released at the Black Hat conference in Las Vegas on Wednesday by security firm Imperva, shows how a "man-in-the-cloud" attack can grab cloud-based files -- as well as infecting users with malware -- without users even noticing.

    The attack differs from traditional man-in-the-middle attacks, which rely on tapping data in transit between two servers or users, because it exploits a vulnerability in the design of many file synchronization offerings, including Google, Box, Microsoft, and Dropbox services. This is not just an issue for consumers, but also businesses, which increasingly use cloud-based services to share sensitive customer and corporate data.

    The report by Imperva, which has a research unit as well as having a commercial stake in the security space, said in some cases "recovery of the account from this type of compromise is not always feasible."

    The attack works by grabbing the password token, a small file that sits on a user's devices for convenience (which saves the user from entering their password each time). When the token is obtained, either through a phishing attack or a drive-by exploit, it can be used to fool a new machine into thinking the attacker is the account's owner. From there, the attacker can access and steal files, and even add malware or ransomware (which is on the rise) to the victim's cloud folder, which can be used for further attacks.

    Making matters worse, account owners are almost powerless. Because the tokens are tied to the user's device, changing the account password would not lock out the attacker.
    Source
    labeeman's Avatar Posted By:


  1. Posts : 46
    64-bit 10240 10 Pro
       #1

    Looks like I will remove one drive
      My Computer

  2. stormy13's Avatar
    Posts : 341
    Windows 10 Pro
       #2

    One more reason I don't use and likely never will use any cloud based service.
      My Computer

  3. sgage's Avatar
    Posts : 1,182
    Windows 10 Pro (Build 18362.418)
       #3

    stormy13 said:
    One more reason I don't use and likely never will use any cloud based service.
    (At last I get to use the 'ditto' emoticon!)
      My Computer


  4. Posts : 11
    Win 8.1 Pro, Win 10 10041
       #4

    sgage said:
    (At last I get to use the 'ditto' emoticon!)
    Add another remove to the pile!
      My Computer

  5. simrick's Avatar
    Posts : 16,172
    W10Prox64
       #5

    Two-factor authentication thwarts this.
      My Computer


  6. Posts : 591
    Windows 10 Pro 64bit; Windows 10 TP; KDE Neon
       #6

    I have upgraded from Windows 10 Home to Windows 10 Pro just to regain Group Policy so that I will be able to disable OneDrive. It was the first thing I did right after the clean installation of the OS.
      My Computers


  7. Posts : 1,557
    W10 32 bit, XUbuntu 18.xx 64 bit
       #7

    One drive can't be disabled in windows 10 home.
      My Computer

  8. sgage's Avatar
    Posts : 1,182
    Windows 10 Pro (Build 18362.418)
       #8

    groze said:
    One drive can't be disabled in windows 10 home.
    You can simply not use it - you really don't need to 'disable' anything. You can got into the Task Monitor, and under 'start' disable the PC client from ever booting up. But if you simply don't use it, no problem.
      My Computer

  9. stealth2920's Avatar
    Posts : 502
    Win 10 Pro 64 bit
       #9

    groze said:
    One drive can't be disabled in windows 10 home.
    That's what she said was the reason she went to 10 Pro.
      My Computer


 
Page 1 of 3 123 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 19:51.
Find Us




Windows 10 Forums