I hope you folks are using these services for sensitive company information..Its the old adage you get what you pay for.
By Catalin Cimpanu 5 Aug 2015, 13:05 GMT
Cloud storage accounts vulnerable to MITC attacks
A report by Imperva shows how an attacker could easily get their grubby hands on cloud storage and synchronization accounts, without even needing the user’s password, and use them in their illicit activities.
The research paper details a new technique called MITC (Man in the Cloud), which allows attackers to intrude popular cloud storage services like Box, Dropbox, Google Drive, and OneDrive.
MITC attacks don’t rely on vulnerabilities in the syncing applications themselves, nor on security holes in the cloud storage server, but act on a design flaw.
Because of the way these services were built, not requiring a password every time a file is synced, a token is used instead to authorize…
View original post 224 more words