Man In The Cloud Attacks Discovered

H

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
According to this report, attackers can access files on Dropbox, OneDrive, Google Drive without a user's password and without writing server side code. :eek:

In our presentation we will examine how common cloud synchronization services can be used by hackers to steal private and corporate data, remain persistent on infected machines and avoid perimeter detection mechanisms. All of this could be done from the attacker's laptop, without any exploits and without writing server side code.
 
In our presentation we will examine how common cloud synchronization services can be used by hackers to steal private and corporate data, remain persistent on infected machines and avoid perimeter detection mechanisms. All of this could be done from the attacker's laptop, without any exploits and without writing server side code.
Click to expand...

So in other words it's a local attack.
 
Looks more like a discussion on theoretical attack vectors more than an actual exploit.
 
heatlesssun said:
So in other words it's a local attack.
Click to expand...

I read it as gaining access to the cloud service and just downloading the data from there. If corporation X has A,B,C, and D advanced security measures - I can bypass them all simply by accessing the spot not protected by those systems that the data is backed up to. You can have a fortress out front, but that doesn't do any good if you leave an unlocked door on the side.
 
canna said:
I read it as gaining access to the cloud service and just downloading the data from there. If corporation X has A,B,C, and D advanced security measures - I can bypass them all simply by accessing the spot not protected by those systems that the data is backed up to. You can have a fortress out front, but that doesn't do any good if you leave an unlocked door on the side.
Click to expand...

I couldn't tell if it was a local attack or not, but either way, it's something for companies to be concerned about. I've been really surprised by how much we use Google Docs at work. I assumed we'd want to keep proprietary info within our walls, but apparently not.
 
Kind of like pop3, but for cloud synchronization. Sounds like their talking about configuring a synchronization service to upload files without notifications. I'm not sure how this is anything new.
 
Man in the cloud? Sounds like those people come knocking on your door want to preach.
 
This is why onedrive integration is a horrible idea in Win10. It should be purely optional for those who want to risk putting their files online.
 
B00nie said:
This is why onedrive integration is a horrible idea in Win10. It should be purely optional for those who want to risk putting their files online.
Click to expand...

Still sorta is.. I still need to drag my files over there and just treat it like a local drive if I want anything to be saved there. As far as I can tell from using W10 (so far), everything is still configured to save stuff locally.

Now if you're talking about the option if it not even being there to begin with, then that's different. Maybe they should make it a separate installer like it was for W7 but then I don't know how tight the integration would be. MS is really making a push for their cloud services these days since it's making them money.
 
I never upload anything important to cloud services anyway and if I did I would encrypt it first.
 
Gamerdad said:
I never upload anything important to cloud services anyway and if I did I would encrypt it first.
Click to expand...

At first I was concerned about security but I've come to realize that I don't really have anything important. Pretty much all of my personal stuff is saved to online storage and an old external hard drive.
 
You must log in or register to reply here.
Back
Top