Man who lived luxury lifestyle after hacking LinkedIn and Dropbox is found guilty

Yevgeniy Nikulin lived the high life, funded by a life of cybercrime.

Now he faces a significant prison sentence after stealing millions of user records from the likes of LinkedIn and Dropbox.

Read more in my article on the Hot for Security blog.


Woman who deliberately deleted firm’s Dropbox is sentenced

58-year-old Danielle Bulley may not look like your typical cybercriminal, but the act of revenge she committed against a company had just as much impact as a conventional hacker breaking into a business’s servers and causing havoc.

Read more in my article on the Hot for Security blog.

‘Phish for the Future’ spearphishing campaign set digital civil liberty activists in its sights

One attack masqueraded as a YouTube comment to a legitimate video uploaded by the target. Another posed as the target’s husband under the pretense of sharing family photos.

David Bisson reports.

Millions of Dropbox users are being advised to change their passwords

Yes, hackers did manage to steal millions of account credentials back in 2012.

Make sure you have protected your account, and enabled two-step verification.

The huge Dropbox password leak that wasn’t

Recent claims from identity theft protection firms that Dropbox has suffered a massive password breach should be treated with suspicion.

But do remember to enable two-step verification, please!

How to protect your Dropbox account with two-step verification (2SV)

David Bisson explains how you can protect your Dropbox account from hackers with two-step verification.

Dropbox users continue to unwittingly leak tax returns and other private data

Almost 18 months after the issue was first made known to Dropbox, unauthorised users continue to receive links to personal, private information stored on the file-sharing service.


Dropbox beefs up security of shared links – for business users at least

Dropbox introduces new features to better protect shared links on the service, but is it enough to convince your company to embrace the popular file-syncing app?

Read more in my article on the Tripwire State of Security blog.

Lingerie-wearing spammers find a good home in Dropbox

Don’t help spammers buy a whole new wardrobe by visiting their X-rated webcam websites.

Dropbox told about vulnerability in November 2013, only fixed it when the media showed interest

I think it’s a pretty sad state of affairs that months can pass, and the BBC has to be called in, before a service like Dropbox takes seriously a security concern impacting the privacy of its users.

Dropbox users leak tax returns, mortgage applications and more

If you are using file-sharing systems like Dropbox and Box without proper care and attention, there is a risk that you could be unwittingly leaking your most private, personal information to others.

You don’t have to be a major Hollywood studio to see the IP risks in cloud file locker services

Dropbox has made it far easier for the general public to violate Intellectual Property laws.

But it’s not just movies. Confidential corporate information, which can include sensitive legal documents, sales projection slides, customer spreadsheets, and proprietary software, can also be at risk.

You’ve uploaded files to Dropbox. But just how private are they?

Dropbox admits it is checking files shared publicly on its systems for copyright infringements.

If you don’t like it, you have to start securely encrypting your data *before* you upload it to the cloud.

Mailbox tries (and fails) to fix Javascript security hole

The researcher who rang alarm bells about a serious Javascript security hole in the popular Mailbox iPhone app says that there is still a problem – even though the company itself believes it has resolved the issue.

Mailbox iPhone app suffers from serious Javascript flaw, researcher discovers

An Italian security researcher has discovered that the popular Mailbox app for iPhones and iPads will execute *any* Javascript which is present in the body of HTML emails, opening the door for exploitation.

Correcthorsebatterystaple – the guys at Dropbox are funny

Remember that famous xkcd cartoon, suggesting passphrases like “correcthorsebatterystaple” are harder for hackers to crack than the likes of “Tr0ub4dor&3”?

Well, I’m full of admiration for whoever the web developer was at Dropbox who implemented this on their sign-up form…