niowluka wrote: { snip }
Exactly. Do you honestly believe someone is going to spend days or weeks trying to find a 'hack', only to steal your photos from holidays in Greece? And if you do have some sensitive data there, then I would strongly suggest reconsidering that. As J-Law's nude photos prove, it will probably be easier to hack into your Dropbox account than to find a vulnerability in the daemon.
{ snip }
Days and weeks? No; that is not how hackers operate. They want to "harvest", i.e. sweep up a bunch of easy-to-grab, usable data automatically.
This is behind things such as malvertising -- which is a favorite method for launching "drive-by" attacks via web browsers.
JavaScript is not supposed to be able to read/write anything on the client system except cookies. But we all know web pages are much more dangerous than that. I think "Ajax" is one method of expanding JavaScript capability. Thus, a web page should be treated as an executable file **. This then is the reason for FIREJAIL -- running an application program in a "named space" -- essentially like a virtual machine. I have to learn a lot more about this. *
A drive-by attack doesn't want your vacation pix. It wants your credentials for your credit union account. Or, right about now, it is likely looking for TAX INFO.
Online tax programs should provide the option to sign the tax return with PGP Desktop or GNU Privacy Guard (GnuPG). But to do it, you would have to get your public key signed by a reputable party, such as your credit union, and post it to the keyserver. And you'd need to signal the IRS -- easy to do through your online tax return -- that you will be using a digital signature henceforward.
Document authentication in the digital age! Imagine that!!
DROPBOX
Dropbox reportedly got hit a while back, but later the report was pretty much debunked.
I bought a Q&D reference book, "Dropbox in 30 minutes", which is helpful in getting new folks up to speed. The book states Dropbox encrypts stored data. But it also talks about DMCA. It seems apparent to me they generate and keep the encryption keys -- probably using a symmetric cipher such as AES256. Before I store anything valuable on their server I'll encrypt it -- probably using the archive manager and .zip format.
* FIREJAIL
I'm "stuck behind the 8-ball" at the moment -- before I start fussing with named spaces I want to put a second OS disk in my machine. Unfortunately I'm on medical restrictions at the moment, so I'm not allowed to lift the case out, play with speakers and amplifiers, run the snowplough, etc. The project will have to wait until Feb. I should change out my 450W power supply for a 750 so I could run 6 hard drives in my box. I'll do that later, on my next build.
** Documents as Executable Files
This would include documents that can contain macros or scripts or other embedded objects that can transport executable code, e.g. the RSA hack was accomplished by a Flash object in cell A1 of an Excel sheet attached to an e-mail. The first thing I would want to expand FIREJAIL to will be e-mail.