[Security Spotlight] The worst idea in a brave new world: The all-new Boxcryptor 2.0

Some things make life easier. Think about your data, and the way you used to share it. USB sticks, DVDs, CD-ROMs, hard disks - all a thing of the past. Many people use services like Dropbox, Google Drive, Box and similar as part of their daily routine. Some of them did not think about data security and just dropped everything into the cloud: from bank data to keys and passwords and such... Others did think about those problems and tried to secure their important files by means of encryption tools like TrueCrypt. But that came at a cost: loss of usability. You just cannot open a file on your Android smartphone on the fly. And occasionally, the TrueCrypt drive would somehow be uploaded to Dropbox a second time as a copy. Really nasty.

But then, Secomba came up with their product: BoxCryptor. A neat little piece of software that mounts a "cloud folder" as a local hard drive and encrypts and decrypts files on the fly while you access them via that local mount. Secomba was not reinventing the wheel at that time; they were just using EncFS, already known in the Unix world. And that was really good, as you could just use the BoxCryptor files on Unix by means of EncFS. The apps developed for iPhone, Android and the Chrome browser worked perfectly. All in all: I would recommend these tools and am using them on a daily basis. And I would recommend the same to you.

BUT:

Use the old, deprecated BoxCryptor CLASSIC stuff.

Huh? Yeah! You read that right. Use old, deprecated, soon-to-be stuff. Or use the new BoxCryptor without the cool features... OK. Well, I should explain why I distrust Secomba, the corporation which earned awards from Golem, heise, Forbes, c't and so on and on: Secomba, like every corporation, tries to make a living from its software, and that is absolutely fine with me. Secomba created BoxCryptor anew, labelling the "old" version BoxCryptor Classic and creating the new one with corporations and secure file sharing, i.e. teamwork, in mind. And by doing that, they had to introduce a new feature: centralized storage of your BoxCryptor keys. On their own server. Yes, that is right. If you choose to use the new mode, you upload the keys to your files, bound to your Secomba account, to their servers. You can, however, disagree with that and use it like in classic mode - BUT the new BoxCryptor seems to be incompatible with EncFS, and - even better - you cannot use the new BoxCryptor on more than 2 devices; you have to pay for more... Well, that was another feature that worked in the classic free version - but not anymore.

These are all reasons why I would recommend using BoxCryptor Classic for your cloud file security - but discourage the use of the new BoxCryptor 2.0 - even without using the "Save-my-Keys-to-the-Cloud" function - because in my opinion, it is just a devolution of an excellent tool.

And one last word on the "Share Secure Online Function": If you really would like to share a file securely via the net, send a TrueCrypt drive or host your own local server. Seriously, if you are a CIO, could you advise your people to upload encrypted data - and the passwords - to a server or service not under your control? If you would answer this rhetorical question with "Yes", then I beg your pardon, but I do not want to work with you and your corporation anymore.

As the link to the (still security patched and updated!) BoxCryptor Classic is a bit hidden under the new and shiny BoxCryptor 2.0 stuff... There you go: https://www.boxcryptor.com/de/boxcryptor-classic

Dropbox

So, another tool I'd like to present: Dropbox.
Dropbox is an online file synchronisation service which runs on Amazon servers.
The files are encrypted and stored securely, also with quite high performance.
Nice part? 2 GB of space are free.
You get 250 MB for doing the tour,
and another 250 MB if you followed the invitation of another person.
(Oh, and yes, the other person gets 250 MB as well.)
Just in case, here's my invitation link; it would be nice if you would consider using it: http://db.tt/tIYzeey

So, how does it work?
In a nutshell: You create your account, download and install the client, enter the data and you're done.
You now have a "Dropbox" folder on your Win / Mac / Linux machine which is synchronized.
As soon as you move files to this folder, Dropbox starts to upload the data.
If you change data, these changes are also committed directly.
So far, so good.

The magic starts happening as soon as you install the client on another PC:
From the moment you start copying files into the folder on one PC, these are also synchronized to the Dropbox folder on the other one.

And to make the thing perfect:
There are also clients for Android and iPhone, as well as a "GUI-less" version:
That's right, you're able to install Dropbox as a "backup medium" on a headless, command-line-only Linux server.
(http://wiki.dropbox.com/TipsAndTricks/TextBasedLinuxInstall)

So - I really can recommend it after using it for some months already, and I would suggest you test it.