Old 09-06-2011, 01:22 PM   #1 (permalink)
Newbie
 
Join Date: Sep 2011
Posts: 2
showtime33 is on a distinguished road
Talking Request for Secure File Transfer options...:)

Request for Secure File Transfer options...

file uploaded.....here is your https link....expiring at.....etc....etc...
showtime33 is offline  
Old 09-06-2011, 01:54 PM   #2 (permalink)
Untangle Ninja
Join Date: Apr 2008
Location: Phoenix, AZ
URLs submitted: 8
Posts: 15,454
sky-knight is on a distinguished road
Default

www.dropbox.com
__________________
Rob Sandling, BS:SWE, MCP
Intouch Technology
Phone: 480-272-9889
rob@intouchtechllc.com

UntangleAppliances.com
Phone: 866-794-8879
sky-knight is offline  
Old 09-07-2011, 12:38 AM   #3 (permalink)
Newbie
 
Join Date: Apr 2011
Location: Wickenburg, Arizona
Posts: 5
Soren is on a distinguished road
Default

You did notice in the original post where he requested a Secure file transfer. That would completely eliminate Dropbox as an option.

hytechlawyer.com/?p=339

news.cnet.com/8301-31921_3-20072755-281/dropbox-confirms-security-glitch-no-password-required/

zdnet.com/blog/igeneration/dropbox-deceived-users-over-security-files-are-open-to-government-searches/9959
Soren is offline  
Old 09-07-2011, 01:48 AM   #4 (permalink)
Untangle Ninja
Join Date: Apr 2008
Location: Phoenix, AZ
URLs submitted: 8
Posts: 15,454
sky-knight is on a distinguished road
Default

Yes, and somewhere in there you asked for "security" and placing the transfer mechanism into the network device responsible for securing the network.

This process by definition eliminates the security potential of the device.

So I responded with an appropriate answer, that met the directives of the OP, even if that wasn't your intention.

Also, did you read those links you posted? It requires the hacker to compromise the device the file is already on to gain access to the transfer medium. This isn't any less secure than storing the files on the originating machine.
sky-knight is offline  
Old 09-07-2011, 10:49 PM   #5 (permalink)
Newbie
 
Join Date: Apr 2011
Location: Wickenburg, Arizona
Posts: 5
Soren is on a distinguished road
Default

I posted three links, each of which addressed a separate problem with the security of Dropbox.

hytechlawyer.com/?p=339

This flaw was caused because an authentication token grants complete access to the Dropbox account. This authentication token is valid even if the password on the account is changed. So, let's say you lose a laptop or an iPhone (or a bad guy even gets access to it for a few moments). They now have unfettered access to your account. You have no way of knowing. And even if you suspect something is amiss and change your password, they continue to have access. This has been fixed, but only after Dropbox claimed this was a feature and not a bug and initially stated they would do nothing to fix it.

news.cnet.com/8301-31921_3-20072755-281/dropbox-confirms-security-glitch-no-password-required/

This was a problem where people could access other Dropbox accounts without a password. Hundreds of accounts were compromised. This particular hack has been blocked. But if it happened once (no password!) do we really think Dropbox is capable of keeping it from happening again?

zdnet.com/blog/igeneration/dropbox-deceived-users-over-security-files-are-open-to-government-searches/9959

Dropbox initially claimed that all files were encrypted and that no one was able to read them. Well, it turns out those were totally false claims. Not only can any Dropbox employee potentially gain access to the files, but they are also made available to any government who supposedly needs access.

There are a lot of more secure alternatives to Dropbox.

techpp.com/2010/07/05/dropbox-alternatives-sync-files-online/

For example, Wuala seems to be well put together. Note that all files are encrypted and the only key is in the possession of the user. Therefore, Wuala cannot access, allow anyone else to access, or expose through a password verification bug, any of the information.

wuala.com

There is a legitimate conversation about whether this is an appropriate app for Untangle. I could, for example, set up my own server to provide this type of service inside my network. This would be more secure than Untangle because my own servers are patched daily unlike Untangle's slow security response cycle. However, this type of service has very little attack surface. It's nowhere near as large as, say, scanning emails using clam and spamassassin. Those programs have had several bugs that provided for complete compromise of the system if a specially crafted email was to pass through their queue.

However, all that being said, I am grateful for Untangle. And this functionality doesn't really match with the core mission of Untangle, so I would much prefer that they focus their resources on improving the network gateway aspects of the program.
Soren is offline  
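
Added example, not part of any post in this thread and not Dropbox's code: one way a service can make a password change retire previously issued tokens, the property missing in the first flaw described in post #5. `AccountStore`, its methods and the token layout are hypothetical; `check_generation=False` reproduces the behaviour the post describes.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # demo key, regenerated on every run


class AccountStore:  # hypothetical in-memory store, for illustration only
    def __init__(self):
        self._accounts = {}  # user -> {"salt", "pw_hash", "generation"}

    def set_password(self, user, password):
        acct = self._accounts.setdefault(user, {"generation": 0})
        acct["salt"] = secrets.token_bytes(16)
        acct["pw_hash"] = self._hash(password, acct["salt"])
        acct["generation"] += 1  # a password change retires every older token

    def issue_token(self, user, password):
        acct = self._accounts.get(user)
        if acct is None or not hmac.compare_digest(
                self._hash(password, acct["salt"]), acct["pw_hash"]):
            return None
        return self._token(user, acct["generation"])

    def validate(self, token, check_generation=True):
        """Return the user name for a valid token, else None."""
        try:
            user, gen_text, _mac = token.rsplit(":", 2)
            generation = int(gen_text)
        except ValueError:
            return None
        acct = self._accounts.get(user)
        expected = self._token(user, generation)
        if acct is None or not hmac.compare_digest(token.encode(), expected.encode()):
            return None
        # check_generation=False reproduces the flaw: the MAC is fine, so the token lives on.
        if check_generation and generation != acct["generation"]:
            return None
        return user

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    @staticmethod
    def _token(user, generation):
        mac = hmac.new(SERVER_KEY, f"{user}\n{generation}".encode(), hashlib.sha256)
        return f"{user}:{generation}:{mac.hexdigest()}"
```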
Old 09-23-2011, 12:35 PM   #6 (permalink)
Newbie
 
Join Date: Sep 2011
Posts: 2
showtime33 is on a distinguished road
Default

I was meaning Secure File Transfer for a business or for SERIOUS SECURITY.....not anything remotely close to a home user or even a home business.

Like delivering your tax info by sending an email to the Gov't with a secured link to your encrypted tax information (only available for two hrs, let's say).
showtime33 is offline  
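
Added example, not part of any post in this thread: a sketch of the expiring HTTPS link the original poster describes, using an HMAC-signed URL that a server behind the gateway could issue and verify. The key, host name, parameter names and file name are constructed for illustration; the link only authorizes the download, and the file itself is assumed to be encrypted separately.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qs, quote, urlsplit

# Constructed demo values: load a random key from protected storage in practice.
SECRET_KEY = b"constructed-demo-key"
BASE_URL = "https://files.example.test/download"  # hypothetical host


def _sign(file_id, expires):
    """HMAC-SHA256 over the file id and expiry, URL-safe base64 without padding."""
    msg = f"{file_id}\n{expires}".encode()
    digest = hmac.new(SECRET_KEY, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def make_link(file_id, ttl_seconds, now=None):
    """Return a download URL that stops validating ttl_seconds from now."""
    issued = int(time.time() if now is None else now)
    expires = issued + ttl_seconds
    sig = _sign(file_id, expires)
    return f"{BASE_URL}?file={quote(file_id, safe='')}&expires={expires}&sig={sig}"


def check_link(url, now=None):
    """Return (True, file_id) for a valid link, else (False, reason)."""
    params = parse_qs(urlsplit(url).query)
    try:
        file_id = params["file"][0]
        expires = int(params["expires"][0])
        sig = params["sig"][0]
    except (KeyError, ValueError):
        return False, "malformed"
    # Verify the signature first, in constant time, so a forged expiry is never trusted.
    if not hmac.compare_digest(sig.encode(), _sign(file_id, expires).encode()):
        return False, "bad signature"
    current = time.time() if now is None else now
    if current > expires:
        return False, "expired"
    return True, file_id


if __name__ == "__main__":
    link = make_link("tax-2011.pdf.gpg", ttl_seconds=2 * 3600)
    print(link)
    print(check_link(link))
```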
Old 09-24-2011, 08:46 AM   #7 (permalink)
Master Untangler
 
Join Date: Oct 2008
Posts: 774
pirateghost is on a distinguished road
Default

Quote:
Originally Posted by showtime33
I was meaning Secure File Transfer for a business or for SERIOUS SECURITY.....not anything remotely close to a home user or even a home business.

Like delivering your tax info by sending an email to the Gov't with a secured link to your encrypted tax information (only available for two hrs, let's say).

That would have nothing to do with Untangle then. That would be a server behind Untangle.

Sent from my Inspire 4G
pirateghost is offline  
Old 10-13-2011, 04:03 PM   #8 (permalink)
Newbie
 
Join Date: Jun 2011
Posts: 5
wjm2 is on a distinguished road
Default

I don't know the first thing about Dropbox, nor do I want to get involved with that discussion. Is ssh a solution for you? scp is the secure copy command to transfer files encrypted by ssh; a Windows version is called WinSCP. This is assuming you are copying to and from the UT box, not through it.
wjm2 is offline  
Old 10-22-2011, 11:22 AM   #9 (permalink)
Master Untangler
 
Join Date: Aug 2008
URLs submitted: 2
Posts: 442
Danp is on a distinguished road
Default

I'm looking to implement a web-based secure file transfer mechanism behind Untangle. Has anyone here used ZendTo (www.zend.to)?
Danp is online now  
Old 10-22-2011, 11:56 AM   #10 (permalink)
Untangle Ninja
Join Date: Apr 2008
Location: Phoenix, AZ
URLs submitted: 8
Posts: 15,454
sky-knight is on a distinguished road
Default

Zend.to? If I wanted to do that I'd just set up a password-protected folder on my Apache server with directory listing enabled. Back that up with a samba share pointed at the same folder and my users can put files on the server themselves, and pass out a login for others to get at said files.

Attempting this sort of thing on a hosted platform would make things easier. However, the bandwidth costs can get a bit intense.
sky-knight is offline  
All times are GMT -7.