Click to Skip Ad
Closing in...
  1. Amazon Dash Smart Shelf
    15:16 Deals

    I’m obsessed with this Amazon gadget you’ve never heard of – and it&#821…

  2. Prime Day Deals 2021
    04:05 Deals

    Amazon Prime Day deals 2021: See hundreds of the best deals right here

  3. Prime Day Nest Thermostat Deal
    16:28 Deals

    The newest Nest Thermostat rarely goes on sale, but it’s $99.98 for Prime Day

  4. Best Amazon Prime Day Deals
    09:09 Deals

    Get these Prime Day deals soon because they sell out every single year

  5. Amazon Gift Card Prime Day Deals
    07:58 Deals

    Free money is definitely Amazon’s hottest deal of Prime Day 2021




Major Dropbox vulnerability revealed – and has already been patched

May 6th, 2014 at 8:45 PM
Dropbox security vulnerability

In a blog post early Tuesday morning, Dropbox revealed a vulnerability with its shared links. The popular cloud storage company said that shared links to some documents could be unintentionally revealed to “unintended recipients.” Thankfully, Dropbox says it doesn’t think the vulnerability has been exploited, and it has already been addressed.

Here’s how it works:

When you visit any link on the web, the website you visit is able to track where you came from using what is called a referer header. So if you visit amazon.com from twitter.com, the referer header will let Amazon know that you came from Twitter.

This affects shared links to documents on Dropbox because if someone visits a website from a hyperlink in a shared document, that website was able to see the URL for the shared document.

Typically, the URL of a shared link to a document on Dropbox is a long string of random characters, which effectively makes the document private to those who have been given the shared link. But in the case of this vulnerability, websites visited from clicks within a shared document were able to see the full private URL for the shared document in the referer header.

Dropbox says it has already patched the vulnerability and has disabled any shared links that are affected. It will restore these links once it determines they are safe, and in the meantime, users can re-create shared links for any documents that have had their shared links disabled. Since it has patched the vulnerability, any new shared links will not be affected by this vulnerability.

Dropbox for Business customers were not affected if they restricted access to shared links to only their team members.




Popular News