Researchers Dhiru Kholia and Przemyslaw Wegrzyn have discovered a method to reverse-engineer Dropbox, which may open the door for open-source clients, but also gives attackers a way to intercept encrypted content and bypass the file sharing service’s two-factor authentication. The discovery has broader implications for the Internet, as the same methods could be used against any proprietary app built using the Python language. A Dropbox spokesperson said that while they “appreciate the contributions of these researchers,” the discovery “does not present a vulnerability in the Dropbox client.” Dropbox argues that the exploit will not work unless the user’s computer is already compromised. follow link
Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the TidBITS Content Network for Apple consultants.
- ExtraBITS for 2 September 2013 (02 Sep 13)
Dropbox Reverse-Engineered, Other Python Apps at Risk