Solved

risks of using YouSendIt & DropBox & GoogleDrive

Posted on 2016-08-16
12
80 Views
1 Endorsement
Last Modified: 2016-08-18
Q1:
Are files exchanges risky (ie data got leaked, data got corrupted or infected with malware) using above mentioned?

Q2:
I noticed that google drive don't allow files zipped with password to be uploaded (not even to attach to
gmail): purpose of zipped with passwd is to protect sensitive data (& convey the password to trusted
party via phone or other channels) but if encryption is disallowed, then we have risks of data leaks
(eg: Wiki Leaks?)
However, if we allow encryption, there's a chance a malware is inside the zip.  So this is a chicken &
egg issue or those tools mentioned provides encryption without risk of malwares being uploaded
/transferred?
1
Comment
Question by:sunhux
  • 7
  • 4
12 Comments
 
LVL 90

Expert Comment

by:John Hurst
ID: 41757824
Dropbox is secured by password for access. I have a strong password and no issues at all.

Gmail, and indeed most mail, is encrypted now. I do not think a virus can get into legitimate mail, but you need a strong spam filter to filter out bad emails.

As always, do not open emails from strange people or go to dodgy website.

The tools, Dropbox, Gmail, most Mail, Google Docs are protected, but you still have to keep your wits about you.
0
 

Author Comment

by:sunhux
ID: 41757849
Some of my much older gmail are still using very simple passwords :
I suppose this means the same for my GoogleDrive that are 'tagged' to
my gmail.

Suppose my 'simple' passwords got hacked (ie hacker could go into
my googleDrive) & encryption of attachments is disallowed,  then we
have risks of data leaks

 However, if we allow encryption, there's a chance a malware is inside the zip.

So how do we go about the above?
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 41757857
I always use encrypted ports and strong passwords.

Some of my much older Gmail are still using very simple passwords :   Remember I said keep your wits about you.

However, if we allow encryption, there's a chance a malware is inside the zip.  I have not seen this at all, Again, good passwords are a good defense.

If you are not properly secured, anything could happen.
0
 
LVL 17

Accepted Solution

by:
Serena Hsi earned 350 total points
ID: 41758256
A1 - There is always a risk when users are involved. Malware can come from anyone's system, even from a vendor sharing files using YouSendIt (what I've used before with ad agencies transferring really freakin big digital asset files); on the flipside, there is little risk if there are file upload/download screening tools (Avast, Norton, etc) that are scanning the Zip files coming into and out of the file sharing site.

A2 - Don't use encryption as the only fail safe to protect your digital assets. You could instead use zip tools with password expiration and access time limits; then it might not matter if there is a data breach or not, it'd be a second or third step for a hacker to hack the locked zip file.

If you're using Google Drive with Google Apps for Work, you as the administrator should be able to set user rights on the folders and files that are being shared within and externally outside of your network.
0
 

Author Comment

by:sunhux
ID: 41758749
>Some of my much older Gmail are still using very simple passwords :   Remember I said keep your wits about you
I was trying to give a scenario that if I could use simple passwords in Gmail, my users could do likewise (for
File Sharing services/tools) & recently we have a case that despite regular educational broadcasts & screen savers
(& we have a policy in place) not to send out sensitive info, users still do so.  Sorry did not elaborate my point earlier

>A2 - Don't use encryption as the only fail safe to protect your digital assets. You could instead use zip tools with
> password expiration and access time limits
Thanks, good point;  I was checking WinZip & 7Zip but did not see any option to set expiration or access time limits.
QuickCrypt could do this (but it encrypt 1 file at a time only).  I'm looking for a tool which could self-destruct the file
if there are multiple (say 3) attempts to crack/brute-force the encryption password and will self-destruct (say 5-
pass secure erase) after the encrypted file has been copied.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 41758750
WinZip has good encryption (I use it). Email encryption is a must-have even if not the only thing you depend up.

Common sense remains (by yards) the very best defense.

My Windows 3.1 machine in 1994 came with a simple virus from the vendor which was easily cured. I have not have any virus since in over 20 years.
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 

Author Comment

by:sunhux
ID: 41758773
Right, WinZip & 7zip both have encryption feature.

I'm looking for a zip tool that "could self-destruct the file if there are multiple (say 3) attempts to crack/brute-force
the encryption password and will self-destruct (say 5- pass secure erase) after the encrypted file has been copied"
0
 
LVL 90

Assisted Solution

by:John Hurst
John Hurst earned 150 total points
ID: 41758775
I have not seen such a Zip tool. So far only Apple will wipe out a phone after 3 (or 5) attempts at logging onto the phone. I have not seen self destruct files. Good encryption will keep most anyone at bay.
0
 

Author Comment

by:sunhux
ID: 41759871
Quick Crypt will sort of self-destruct or expire after a specified amt of time but not upon being copied or
failed attempts to decrypt it
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 41759897
I have not seen what you want and truly I have no need . I make sure files and connections are secure
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 41760014
In addition, I just got an email from a (likely) legitimate company that I do not do business with and who said I requested an invoice from them. I did not.

Giveaway: The email was addressed to several unrelated people all with the same "invoice".

Delete immediately. Virus document for sure .
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 41761351
Thanks, and be sure to keep your wits about you :)
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now