4-hour Dropbox Bug

dougiedd

There must be a thread on the recent 4 hour security breach but I cant find it and want to understand the implications: please direct me?



http://techcrunch.com/2011/06/20/dropbox-security-bug-made-passwords-optional-for-four-hours/

brenty

[quote name='dougiedd' timestamp='1310531313' post='31893']

There must be a thread on the recent 4 hour security breach but I cant find it and want to understand the implications: please direct me?



[url="http://techcrunch.com/2011/06/20/dropbox-security-bug-made-passwords-optional-for-four-hours/"]http://techcrunch.co...for-four-hours/[/url]

[/quote]



Hey there, dougiedd!



No worries about not finding it, since the search on these forums is less than stellar, but I believe this was primarily [url="http://forum.agile.ws/index.php?/topic/5199-security-cloud-syncing/"]discussed in a thread[/url] concerning the more general question of cloud security and its implications for 1Password data. [url="http://forum.agile.ws/index.php?/topic/5199-security-cloud-syncing/page__view__findpost__p__29779"]Jeff made a great post[/url] that kind of covers these concerns, so I will quote from that:



[quote name='jpgoldberg']

[color=#1C2837][size=2]Let me again repeat that [i]your confidential data in 1Password is very well encrypted before it leaves your machine[/i]. (Indeed it is encrypted before it ever gets written to a disk.) A Dropbox security failure does not mean a 1Password breach.[/size][/color]

[size="3"][color="#1C2837"][size=2][/quote]

[/size][/color][/size]



We just try to keep things as tidy as possible to make them easier to find...even though that isn't always possible. If you have any specific questions, just [url="http://forum.agile.ws/index.php?/topic/5199-security-cloud-syncing/page__view__findpost__p__30264"]reply in that thread[/url] and we will do our best to answer them. I think the last 2 pages or so are relevant to that breach in particular, but there is a lot of information there so don't feel bad about asking something that may have already been mentioned, since some clarification may be helpful and all of that is a lot to digest. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' />

dougiedd

Are wallet items encrypted in dropbox?

khad

That is a good question, dougiedd!



The [url="http://help.agilebits.com/1Password3/cloud_storage_security.html"]Cloud Storage Security[/url] section in 1Password's User Guide explains this pretty well:



[indent]The information which 1Password keeps decrypted in your data is very similar to what you may have in a browser bookmarks file. In addition to the location and title are tags, Folder, password strength, creation time, and last modify time. Any of the fields that can be used for sorting or arranging the display of your items in the 1Password app are not encrypted. Everything else is.[/indent]

All username and password data along with Login fields, notes, wallet data, etc. are always encrypted. Offhand, I can't think of anything besides what is listed in the [b]View > Columns[/b] menu that is unencrypted.



The list in that menu is as follows.



[list]



[*]Icon

[*]Title

[*]Location

[*]Type

[*]Modified Date

[*]Created Date

[*]Folder

[*]Password Strength

[*]Tag

[/list]

I hope that helps. Please let us know if you have any other questions. We are always available to answer them. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />



Cheers!