Dropbox takes a peek at some kinds of uploaded files. That’s normal, the Web storage service says.
The disclosure comes after a test of the service found that several “.doc” files were opened after being uploaded to Dropbox.
Dropbox’s behavior was detected using HoneyDocs, a new Web-based service that creates a log showing when and where a document was opened, according to a blog post at WNC InfoSec.
The experiment involved uploading to Dropbox “.zip” HoneyDocs folders with embedded “.doc” files. HoneyDocs lets users set up a “sting,” or a notification that is sent by SMS or email when a file has been viewed. Where the file has been viewed from is plotted on a map.
The callback, or as HoneyDocs calls it a “buzz,” is an HTTP Get request with a unique identifiers assigned to a sting. The data on when and where the file has been opened is sent over SSL port 443, according to HoneyDocs.
WNC InfoSec wrote the first buzz came back within 10 minutes after a file was uploaded with the IP address of an Amazon EC2 instance in Seattle. Dropbox uses Amazon’s cloud infrastructure.
Of the submitted files, only “.doc” files had been opened, WNC Infosec wrote. HoneyDocs also pulled information on the type of application which accessed the document, which in this case was the open-source productivity suite LibreOffice.
full article here -> pcworld
= Since Dawn Of Time The Fate Of Man Is That Of Lice =
now send a .doc with instructions to make a b&%$#omb and with the trrst word in it and see how long i takes for the doorknock lofl.