Thinking about it, some encryption of your DropBox stuff might help here too...there's stuff like DataLocker about that I know can do this. I suppose the other thing to point out is that there isn't a vulnerability in DropBox itself per se, it's just that if you have DropBox installed on a machine connected to the corporate network, then it gives a hacker with access to that machine a lot more leverage to compromise the network, if I'm understanding it correctly.
Cheers, JR On 16 April 2013 15:21, James Rankin <[email protected]> wrote: > Way to beat that nasty...whitelisting. > > I guess that vector would work for a lot of these synchronization clients, > so I guess good whitelisting is the only way. Luckily as I've started using > AppSense DataNow instead of DropBox for mine, I get AppSense Application > Manager along with it, which is probably the best whitelisting product I've > seen. > > Very interesting read though, just shows that traditional AV can't really > fend off a determined hacker. > > Cheers, > > > JR > > On 16 April 2013 15:07, Ziots, Edward <[email protected]> wrote: > >> Here is the slide deck on this:**** >> >> >> https://media.blackhat.com/eu-13/briefings/Williams/bh-eu-13-dropsmack-jwilliams-slides.pdf >> **** >> >> ** ** >> >> Good reading, scary thought but a lot are using Dropbox and not thinking >> about the consequences….**** >> >> >> http://www.techrepublic.com/blog/security/dropsmack-using-dropbox-to-steal-files-and-deliver-malware/9332?tag=nl.e036&s_cid=e036&ttag=e036 >> **** >> >> ** ** >> >> Food for thought, especially from regulatory compliance standpoint. **** >> >> ** ** >> >> Z**** >> >> ** ** >> >> ** ** >> >> Edward E. Ziots, CISSP, CISA, Security +, Network +**** >> >> Security Engineer**** >> >> Lifespan Organization**** >> >> [email protected]**** >> >> Work:401-444-9081**** >> >> ** ** >> >> ** ** >> >> This electronic message and any attachments may be privileged and >> confidential and protected from disclosure. If you are reading this >> message, but are not the intended recipient, nor an employee or agent >> responsible for delivering this message to the intended recipient, you are >> hereby notified that you are strictly prohibited from copying, printing, >> forwarding or otherwise disseminating this communication. If you have >> received this communication in error, please immediately notify the sender >> by replying to the message. Then, delete the message from your computer. >> Thank you.**** >> >> *[image: Description: Description: Lifespan]* >> >> ** ** >> >> ** ** >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to [email protected] >> with the body: unsubscribe ntsysadmin >> > > > > -- > *James Rankin* > Technical Consultant (ACA, CCA, MCTS) > http://appsensebigot.blogspot.co.uk > -- *James Rankin* Technical Consultant (ACA, CCA, MCTS) http://appsensebigot.blogspot.co.uk ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
<<image002.jpg>>
