Blog

Archive for Cloud Computing

Dropbox’s Big, Bad, Belated Breach Notification

69 Million Dropbox Passwords Compromised; Last.fm Reportedly dropboBreached in 2012

To the annals of super-bad historical mega breaches that no one knew about, add a new entry: file-hosting service Dropbox. Separately, music service Last.fm also was reportedly breached badly in 2012, although that has yet to be independently confirmed.

On Aug. 27, Dropbox began alerting customers that if they had signed up to the service before mid-2012 but not changed their passwords since mid-2012, then they would be required to do so.

Dropbox_Alert_Aug2016“We recently learned about an old set of Dropbox user credentials (email addresses plus hashed and salted passwords) that we believe were obtained in 2012,” Dropbox says on its website, indicating it first heard related rumors in mid-August. Resetting the passwords that it believes may have been exposed “ensures that even if these passwords are cracked, they can’t be used to access Dropbox accounts,” the alert notes.

Dropbox first learned about that breach in 2012 and issued an alert to users in July of that year, saying it had traced the breach to an employee reusing their corporate password across multiple sites. The company said it added new security features designed to protect against such breaches. But at the time, Dropbox evidently failed to comprehend the true magnitude of the breach and forced relatively few password resets.

What’s belatedly come to light, however, is that as a result of that 2012 breach, details for almost 69 million user accounts – including email addresses and hashed passwords – were stolen. The information reportedly began circulating recently on underground forums.

More Historical Mega Breaches

This year has seen a spate of mega breaches belatedly coming to light. Four announced in May came from MySpace – the date of its breach remains unclear, though it’s obviously not recent; LinkedIn, which disclosed that its 2012 breach resulted in 165 million passwords being compromised; Tumblr, which warned that 65 million accounts were breached in 2013, prior to its acquisition by Yahoo; and “adult social network” Fling, which said that 41 million accounts were breached in 2011.

On Sept. 1, paid data breach site Leaked Source described yet another old, alleged breach, this one hitting music service Last.fm. Leaked Source claims that the service was hacked in March 2012 and data on 43.6 million users – including usernames, email addresses and passwords – was stolen. While that breach has yet to be independently verified, Leaked Source says that it successfully cracked 96 percent of the site’s unsalted passwords, which had been hashed with MD5.

Last.fm didn’t immediately respond to a request for comment on that report.

Dropbox Breach: Worse than Believed

Dropbox’s Aug. 27 breach alert arrived just a few months after several identity theft services misreported that user data from the site had been leaked (see Dropbox Confident Amidst Breaches).

It turns out, however, that the 2012 Dropbox breach appears to have been much worse than originally believed. Indeed, sometime after Dropbox was hacked in mid-2012, “a large volume of data totaling more than 68 million records was subsequently traded online and included email addresses and salted hashes of passwords, half of them SHA-1, half of them bcrypt,” says Troy Hunt, who runs the free Have I Been Pwned? website.

Security experts laud bcrypt as an excellent, purpose-built password-hashing algorithm, but warn that SHA-1 – as well as MD5 – are deprecated and shouldn’t be used. Dropbox, to its credit, in recent years appears to have phased out SHA-1 in favor of bcrypt.

Technology news site Motherboard reports that it obtained a sample of the data that hackers allegedly stole from Dropbox, and that it contains details relating to 68.7 million accounts, including email addresses and hashed passwords. It says that an unnamed, senior Dropbox employee confirmed that the information was legitimate.

Dropbox couldn’t be immediately reached for comment on that report.

But Hunt says he independently reviewed the data and found it to be authentic. He acknowledges that it contains old passwords set by him and his wife.

 Schwartz, Matthew J. Data Breach Today, “Dropbox’s Big, Bad, Belated Breach Notification” September 2016

Posted in: Cloud Computing, Security

Leave a Comment (0) →

Tips for getting more from Dropbox cloud storage

Although there are many good cloud-storage services to choose from, I continue to mostly use Dropbox, primarily for its flexibility and level of cross-platform support.

dropboxHere are some tricks and tips for getting the most out of the service.

Using selective synching to manage local storage

I have a paid 1TB Dropbox account that I mostly use so store over 600MB of digital photos. The service lets me view, edit, and otherwise manage those images on a desktop PC, notebook, tablet, and even my smartphone. But only the desktop has sufficient storage for the entire collection of images. I keep subsets of the images on the other devices.

For example, I keep only recent photos on my notebook, where I can do an initial cut and also process them in Adobe Lightroom (site).

About six months to a year after an image is created, I move it to an “Archives” folder, which shows up only on the desktop system.

I use Dropbox’s Selective sync feature to create and manage what’s stored locally on each device. (I keep a small subset of “favorite” images on my tablet and phone.) Unfortunately, Dropbox doesn’t make accessing Selective sync especially easy. To do so, you must right-click the Dropbox icon in the taskbar and select the gear icon in the upper-right corner of the status box. Next, click Preferences/Account/Selective Sync.

The Selective sync dialog box will display a list of all folders in your Dropbox account. (You can’t selectively synch individual files.) On each device, you put a checkmark next to the folders that you want on both the local Dropbox folder and in the cloud, as shown in Figure 1.

Dropbox article figure 1

Figure 1. Dropbox’s Selective Sync tool lets you control which files are stored locally on various devices.

(Note: Microsoft’s OneDrive also supports selective synching. Right-click the OneDrive folder in Explorer and click “Choose OneDrive folder to sync.”)

The quirks of selective synching is changing and/or moving a locally synched subfolder to cloud only. Unchecking a folder in the Selective sync manager deletes the folder and its contents from the local drive but not from the cloud or other devices. But on my notebook, to move a subfolder of images from the local “Recent” to the unsynched “Archives,” I must do so either online or on the desktop, which contains all my Dropbox files. (Perhaps I need to reconsider my image-organization thinking.) Fortunately, Dropbox is working on a fix for that problem; more on that below.)

Tip: Use Dropbox and Selective Sync to easily share and manage a collection of favorite background images across multiple devices.

Add a Dropbox icon to your Gmail account

If you’re a Chrome and Gmail user, install the Dropbox for Gmail add-on (site); it’ll place a Dropbox icon at the bottom of the message-entry box. When you create, forward, or reply to an email, clicking the Dropbox icon (Figure 2) opens the online version of the service. You can then attach a file stored either locally or in the cloud.

Dropbox article figure 2

Figure 2. The Dropbox add-on for Gmail and Chrome

So far as I know, there are not equivalent add-ons for Outlook.com or other email systems. There are, however, third-party helper apps for Dropbox, many of them email and sharing related. An online search will turn up dozens.

Double-up your Dropbox sign-in security

If you maintain sensitive information in your Dropbox account, you can improve its safety with two-step sign-in verification. To set it up, open your Dropbox account online and click your name in the upper-right corner of the window. Click Settings/Security and then look for the “Two-step verification” section. Select the “click to enable” link and follow the prompts (see Figure 3).

Dropbox article figure 3

Figure 3. Keep others out of your Dropbox account with two-step sign-in verification.

To add additional protection to the cloud-stored data, download and install an encryption app such as BoxCryptor (site), which also supports Box, Google Drive, and OneDrive. A limited version is free; if you want to protect multiple devices and cloud-storage services, BoxCryptor starts at U.S. $48 per year. For a quick review of the app, see the Feb. 18 On Security story, “Encrypted backup kicks ransomware to the curb.”

And for other ways to encrypt files stored in the cloud, see the Dec. 12 Top Story, “Pre-encryption makes cloud-based storage safer.”

Recover previous versions of a file

I use a number of templates to produce articles. But I have a bad habit of not saving the template under another name before I add text and make changes. So about once or twice a week, I use Dropbox to recover the original “clean” copy of a file.

The process is quite easy; simply right click a file in the local Dropbox folder and select “View previous version.” That will open the online version of the service in a browser with a list of recent versions. On personal accounts, previous versions are saved for up to 30 days.

Also keep in mind that the online version of Dropbox can also restore deleted files, which, again, are retained for up to 30 days. Note that deleting a shared folder removes it from your account, but it remains on other shared accounts. (Tip: According to a Dropbox Help Center page, you might also find lost files in the local Dropbox cache file. Look for the section titled “Restoring a missing file from cache.”)

Manage your Office-file collaboration

If you’ve recently opened an Office document stored in Dropbox, you might have tripped over the Dropbox Badge. It appears on the right border of the open document. Clicking the badge gives you quick access to sharing options and the file’s version history.

I find the badge annoying because I rarely share my Office-based docs. Fortunately, there’s a way to manage or disable this feature. Click the badge icon and select the Preferences link. That will open your Dropbox preferences dialog box. In the General section, look for the Dropbox Badge drop-down menu. Your options are ”Always show” (the default, naturally), “If others present,” and “Never show.”

Future Dropbox: Paper and Project Infinite

It’s hard to know where Dropbox is going with its beta Paper (Figure 4) — and extremely simple text editor that lives within the online version of the service. You can use it to create quick notes or paste images and simple text. You can’t, on the other hand, drag and drop formatted files such as a Word document. But you can clip and paste information from open documents and websites. For more on Paper, check out the YouTube video “Welcome to Dropbox Paper”.

Dropbox article figure 4

Figure 4. Dropbox Paper lets you create simple documents using any browser and your Dropbox account.

This past April 26, a DropboxBusiness Blog post announced its Project Infinite initiative. The concept is one Microsoft put into OneDrive — and then removed. The new Dropbox technology allows for virtual files and folders on digital devices. In essence, it lets you see all data stored on Dropbox, but keep only a selected set of physical files locally.

Think of this as an extension of selective synching. With the new feature, you could apply selective synching to specific folders and still see the files stored in the cloud in your local Windows/File Explorer. Clicking a virtual file should take you online, where you can view and open the file as needed.

Given the current limitations with selective synching, I’m eagerly waiting for Project Infinite to go live. Where is it Dropbox? Also, the original post is in the DropboxBusiness blog. If the new feature is not included with personal accounts, I’ll be extremely disappointed.

Capen, Tracey. Windows Secrets, “Tips for getting more from Dropbox cloud storageJuly 2016

Posted in: Cloud Computing, Mobile Computing, Tech Tips for Business Owners

Leave a Comment (0) →

How to Free up Space on Your Smartphone

Many of us have come face to face with that frustrsmartphoneating alert, and it usually happens at the worst possible time — baby’s first step, a celebrity sighting, hilarious pet antics. So, follow our simple steps to keep ensure you always have room for that next important shot.

Rise to the Cloud
If you don’t have the time or patience to sift through old photos and videos or if you want to keep all your media files, back them up to a cloud storage account and delete the local copies on your phone.

The best part about cloud-based storage is that many services, including cloud storage leaders, like Dropbox (for iOS and Android) and Google Photo (for iOS and Android), can be set up to automatically save photos to the cloud over Wi-Fi. Google Photo will even has a Free Up Space for easily deleting photos you’ve already back up to the cloud. If you use an iPhone, the process is automatic if you’ve enabled the iCloud automatic backup service.

The IceCream app for your iPhone lets you free up phone storage space and even lets you decide how much space you’d like to recover. What makes this app really handy is that it alerts you whenever your phone is nearing full capacity. The app also comes with a feature that lets you save photo files that are 10 times smaller than those from your phone’s built-in camera.

Back up Locally
To avoid the cost and limitations of cloud storage, back up your files to your computer. The downside is that you can only do this at times when you have access to your computer through a wired or wireless connection.

If you own an iPhone, you can use iTunes, iPhoto, the Photos app or the Image Capture app to save copies of your media files to your Mac. See Apple’s step-by-step instructions on how to go about it. If you use a Windows PC, you can still use iTunes; the steps vary according to your version of Windows.

For users of the iPhone 5 onwards running at least iOS 7, the AirDrop app lets you transfer files without having to connect your phone to your PC via USB cable. Apple has a page of instructions on how to accomplish that.

If you use an Android device, connect your phone to your PC via a USB cable. Your computer should detect your phone as a mass storage or media storage device, and you will be able to drag and drop your media files from your phone to a folder on your PC. You may need to install software drivers to your phone so that your Windows PC can properly detect it.

Lower Resolution Images and Videos
Many new phones can capture videos in 4K resolution. These high-resolution videos are clearer and have finer detail, especially if you view them on a 4K-capable TV or monitor, but that clarity comes at a price. Those 4K videos use more space than HD or full HD resolutions. If you don’t need 4K videos, set your camera to capture images at a lower resolution in order to save storage space.

Do the same with photos, too. Often, you won’t really need photos taken at very high resolutions, unless you intend to print them or crop-in on a small part or an image. If you’ll only be viewing your photos on a small screen, save storage space by shooting them at a lower resolution. For example, with my phone, a 13MP image is 3 to 4 MB. But when I use the lowest resolution of 2.4MP, the file size drops to about 0.5500KB. When I compare the two photo resolutions side by side on my phone, I can hardly detect any noticeable difference — but the file size difference is hard to ignore.

Uninstall Idle Apps
While photos and videos are the usual storage hogs, apps can also contribute the depletion of disk space. It’s best to remove apps you don’t use often. Game apps particularly consume a lot of space.

On the iPhone, go into Settings > Storage & iCloud Storage > under Storage select Manage Storage. You’ll see a list of apps sorted by the amount of storage space used. When you select and app, you’ll have the option of deleting it. Or, you can long-tap on the app’s icon and tap the X overlay to delete the app and all of its data.

On Android, go into Settings and then Apps. There you’ll see a list of apps. tapping on an app will show how much memory it’s taking up and give you the option to uninstall it. Or, long-tap the app icon in the App Drawer, then drag it to the Uninstall button.

Extend Your Storage
If you own an Android phone with a memory card expansion slot, invest in a microSD card, and move some of the files from your phone’s built-in storage. To move files around, you can use a file manager app. Most phones come with their own file managers. If yours doesn’t, or if you want a more flexible app, install the ES File Manager (free in Google Play).

You can’t add a memory card to an iPhone, but there is an imperfect solution: the Mophie Space Pack, a case with built-in storage and battery. The protective case is available for iPhone 5/5s (starting at $44.58 with 32GB of storage and a 1700mAh battery on Amazon), iPhone 6/6s (starting at $149.95 for 32GB and a 3300mAh battery) and iPhone 6 Plus 6s Plus (starting at $149,95 for 32GB and a 2600mAh battery). We can’t wholeheartedly recommend the case based on the mixed reviews. While some users, including professional reviewers, have no problem using the app, others find it confusing.

Make Saving Space a Habit
Clear out space on your smartphone regularly to save yourself from the disappointment of running out of storage at times when you need it most. Stay lean and mean so you’re ready to enjoy your phone’s features at a moment’s notice. And, if you’re running out of space on your computer, check out our tips on how to clean out and organize your computer.

Montejo, Elmer. “How to Free up Space on Your Smartphone”, Techlicious, Tips & How To’s March 7, 2016

Posted in: Cloud Computing, Tech Tips for Business Owners

Leave a Comment (0) →

How the Hybrid Cloud Differs from the Public Cloud

Cloud computing has certainly caught on among business owners. No surprise there: the cloud offers more computing power, cheaper storage, seamless scalability and the simplicity that comes with someone else taking care of your servers.

But there’s a catch. To take advantage of cloud software and infrastructure, you’ve got to give up some control over your data … Or do you?

Have your cloud and your privacy too

Here’s the thing: not all clouds are the same. There’s the public cloud, the one with which we’re most familiar. But then there’s the hybrid cloud too. As its name suggests, the hybrid cloud is a combination of two different types of clouds, public and private. The hybrid cloud can give your business all of the benefits listed in the first paragraph (power, affordability, scalability and simplicity) without the tradeoffs that come with entrusting your data to an unknown (or unresponsive) quantity.

How might that work in practice? Here’s an example: A business provides some resources in-house. For instance, it might store current consumer data on its private in-house cloud. It might also store employee records, new marketing campaigns, and current proposals to new clients on its in-house storage.

That same business, though, might store older, archived data on a public cloud service. This frees up space on the business’ servers, and allows its in-house computers to operate more efficiently.

At the same time, taking a hybrid cloud approach to data storage allows businesses to take advantage of the space-saving benefits of the public cloud without also exposing their sensitive current data to third-party providers. In other words, the hybrid cloud provides businesses with security, cost-savings, and efficiency.

Why the hybrid cloud approach makes sense

It’s little wonder, then, that so many businesses today are moving toward a hybrid cloud approach. There is simply too much data floating around today for smaller businesses to adequately store. At the same time, businesses in today’s competitive environment don’t want to expose company secrets and sensitive consumer data to either their rivals or hackers.

The hybrid cloud allows businesses to have the best of both worlds.

Posted in: Business, Cloud Computing, Mobile Computing, Tech Tips for Business Owners, Technology

Leave a Comment (0) →