Dropbox pulls access to hyperlinked files after vulnerability discovered
Dropbox, one of the most popular cloud storage services, has largely avoided the spate of recent security woes suffered by other companies. But no system is perfect, and a warning has now been issued after a flaw in hyperlinked files was discovered.
"Whenever you click on a link in any browser, the site you’re going to learns where you came from by something called a referer header. The referer header was designed to enable websites to better understand traffic sources. This is standard practice implemented across all browsers", says Aditya Agarwal.
What this means is that when Dropbox customers share links to files or folders, those files or folders should only be accessible to the recipient. However, it was discovered that these links could be exposed to people who were not the intended recipients.
Dropbox claims it is unaware of any abuses taking place due to this vulnerability, but the company has nonetheless taken steps to mitigate the potential problem.
"For previously shared links to such documents, we’ve disabled access entirely until further notice. We’re working to restore links that aren’t susceptible to this vulnerability over the next few days", Agarwal explains.
The vulnerability has been patched and customers are urged to recreate any lost links, as the process is safe now.
Dropbox did not state how long this problem has existed, or how long the cloud service has been aware of it. It does seem to have moved quickly to break the old links and patch the system. We'll see whether reports emerge of this flaw being taken advantage of before the hole was closed.