Response from MyDropBox

By  | 12/14/2007 | Filed under: General

I just received this response from Max Lytvyn at MyDropBox:

I’m sorry for the delayed response. I met with the development team regarding the issue you mentioned. It turned out this was a known issue since this past fall, and we had a fix ready. The fix was not deployed so as not to introduce any changes to the system during the peak usage time. Now that the peak season is over, we deployed the fix and the exploit no longer exists.

Unfortunately, the flaw is still present and active. Max has been informed. More soon…

Update: December 15, 2007

After I provided Max a link to an example of the flaw (without expiring links), he wrote back:

The link that you provided is from a different product (MyDropBox individual, which is completely different from MyDropBox 2.0 provided to ALL institutional clients). This product has permanent links to reports, as these links are delivered to users via email, and thus should not expire. There is no fix for this particular version of the product at this point, but this product is used by less than 3% of our clients. We will develop a fix for it before the beginning of the next semester.



About

Dr. John Moravec is a faculty member in the Department of Organizational Leadership, Policy, and Development and the Innovation Studies/Master of Liberal Studies graduate programs at the University of Minnesota. He is the principal of Education Futures LLC; a co-founder of the Horizon Forum, a roundtable on the future of education at all levels; and is the editor of Education Futures. He can be emailed at john@educationfutures.com.

http://www.educationfutures.com/john





About

Education Futures explores a New Paradigm in human capital development, fueled by globalization, the rise of innovative knowledge societies, and driven by exponential, accelerating change. Education Futures is owned and published by Education Futures LLC.