IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [cloud-storage]

110 questions
72
votes
15 answers

Are cloud storage services a good strategy to protect against ransomware attacks?

I have been reading a lot here about Ransomware attacks and I am wondering if my strategy for protecting myself is valid or not. I have 10Gb of personal data and 90Gb of photos and videos. I have them in D:\ drive in two separate folders. Personal…
Oscar Foley
  • 850
  • 1
  • 7
  • 12
70
votes
12 answers

Storing passwords in access-restricted Google spreadsheets?

I saw someone's interesting practice to store sensitive information. He is saving all his thousand logins (including banks and email) in a access-restricted Google spread sheet, stored on his Google drive. The link to the document is shortened using…
Loves Probability
  • 825
  • 1
  • 6
  • 6
66
votes
13 answers

Storing KeePass database in cloud. How safe?

It certainly would be more convenient to store my KeePass database on either S3, Dropbox, or better yet SpiderOak. My fear is having my cloud storage account compromised then having the credentials recovered by either brute force or some other…
dperry1973
  • 763
  • 1
  • 5
  • 5
23
votes
6 answers

Is it safe to publish the hash of my passwords?

How unsafe would be to publish the hash of my passwords? I have written a Python script for helping me to remember my basic passwords (computer password, encrypted backup password, AppleID password, and KeyChain password). It is hardcoded inside…
L.A.
  • 349
  • 1
  • 2
  • 9
21
votes
9 answers

Keep encrypted files in sync on a cloud service, without having to upload an entire encrypted volume each time

Situation: User has several folders worth of GBs which they want to keep in sync on a cloud service (for example Mega or Dropbox) in an encrypted form; User does not want to sync a single encrypted volume, because this would mean, obviously,…
nico
  • 341
  • 1
  • 2
  • 9
18
votes
8 answers

Are 7-Zip password-protected split archives safe against hackers when they are password-protected a couple of times?

Imagine I wish to upload my sensitive personal information (photos, document scans, list of passwords, email backups, credit card information, etc.) on Google Drive (or any other cloud service). I want to make sure this entire bunch of data is as…
Neli
  • 229
  • 1
  • 2
  • 6
6
votes
3 answers

Is it OK to pass credentials to the client to allow it to upload files to Amazon S3?

Our mobile app will be uploading images to AWS S3. The question is whether to do one of the following options: Upload the image to our APIs server, then our APIs server uploads the image to S3 Pros: More secure, as the S3 credentials is only stored…
Samir Sabri
  • 163
  • 5
6
votes
3 answers

Should I delete locally synced data if the user can't log in?

I'm building a Mac app that syncs the user's documents down from a third-party cloud service. When you set it up, it will sync all your documents down to the local hard disc, at which point you can access it in Finder. For the purpose of this…
Kartick Vaddadi
  • 163
  • 4
6
votes
3 answers

Should I consider my Google Storage identifier as a secret?

Google Storage URLs look like this: gs://pubsite_prod_rev_0282398762349676320630463/data.bin Accessing content at that URL requires authentication. That being said, should I consider the 0282398762349676320630463 part as a secret? If not secret,…
Nicolas Raoul
  • 1,276
  • 2
  • 12
  • 17
6
votes
2 answers

Are services who offer to pay you a rent for your unused hard disk space a scam, and how do they work?

I've seen several services advertised on social media which claim to pay me a rent if I let them use my unused hard disk space. There is usually a nice-sounding explanation about cloud storage and being able to earn money while being part of a…
vsz
  • 707
  • 1
  • 8
  • 19
5
votes
2 answers

How does the optional "e-mail password reset" at sync.com work?

Sync.com proudly advertise that the company can't access your data but they do provide an optional email-based password reset. Most cloud storage providers differ from Sync because they can access, scan and read your files. Sync's end-to-end…
D.H.
  • 181
  • 4
5
votes
1 answer

What happens if a Dropbox folder is encrypted by WannaCrypt / WannaCry?

Does one's Dropbox "data in the cloud" also get encrypted?
thanks_in_advance
  • 187
  • 5
5
votes
2 answers

WD My Cloud Vulnerabilities - What is at risk?

Recently there were around 70 vulnerabilities found within Western Digital's "My Cloud" devices. I am curious to know more about the scope of these vulnerabilities. All of the vulnerabilities have been listed by Eploitee.rs here. There they talk…
Adjit
  • 159
  • 4
4
votes
0 answers

How can we protect encrypted files and directories from being fingerprinted when stored on online storage services?

Assuming that online storage providers are considered untrusted, if files and directories are encrypted, how can these be protected against fingerprinting? The files are encrypted using rclone's implementation of Poly1305 and XSalsa20 before being…
Ryan
  • 93
  • 5
4
votes
2 answers

Is it safe to upload a read-only encrypted volume to a cloud folder?

I know keeping an active encrypted volume (like a VeraCrypt drive or a simple zip folder encrypted with AES256) on Dropbox/OneDrive/Gdrive/etc. is risky; data can be corrupted and the pattern of modifications can be a clue to an adversary, as is…
Dark Lotus
  • 41
  • 2
1
2 3 4 5 6 7 8