Dropmyemail's security (blog.geeksphere.net)
- The app checks your email on your behalf.
- You need the actual password to log into an IMAP server (Android also stores your email passwords in clear text if you aren't using Gmail: http://code.google.com/p/android/issues/detail?id=10809).
- They clearly state this in their response, which the article completely ignores. They try to use OAuth where possible.
- They store the passwords encrypted via S3. Personally, I'd prefer that to MySQL on a VPS somewhere.
- See also: https://developer.pidgin.im/wiki/PlainTextPasswords
1) The app downloads your emails into their server.
2) Yes, they store that actual password. Which is ridiculous.
3) Yes, good for them for that, but still there are others where they store passwords. And that is not acceptable.
4) But that also means that they outsource the security part of things. Which doesn't lend faith to the idea that they know about security. And if someone realises how to control their application, all the passwords will be hacked.
5) Pidgin is stored locally. There's a difference. Not that I support it, but it's still better than someone storing my passwords.
They need to do that to back up the emails. The product may not be something you are interested in, but it doesn't mean the execution is flawed.
> Yes, they store that actual password. Which is ridiculous.
They have to in order to retrieve the emails. Blame the standards!
> Yes, good for them for that, but still there are others where they store passwords. And that is not acceptable.
See above
> But that also means that they outsource the security part of things.
> Which doesn't lend faith to the idea that they know about security.
> And if someone realises how to control their application, all the passwords will be hacked.
This isn't something with a black and white answer and I respect your opinion on this. I personally feel that they may know plenty about security and have decided that this is the most secure option. For example, I wouldn't write my own crypto, because I know enough about security to know how hard it is to do right.
I think that you are practicing cargo cult security -- you're doing a cargo dance here over password storage mechanisms in a case where it doesn't apply.
Personally, I don't see a strong use-case for the product and it wouldn't be something I'd be interested in.
If I did work for them, I would happily mention it in a post.
A slightly better post might have been,
"Beware unproven email backup services. Don't forget that if they make a mistake, potentially all of your email messages can be exposed to someone else. Since you probably have account credentials for other services stored in your email box, that situation can get ugly really fast."
I strongly suggest that you drop this before digging yourself an even deeper hole in front of the people following this from Twitter.
1) Is the potential loss of privacy worth the advantages of the service?
2) Do you trust the company providing the service?
3) Could you do a more secure job of it than the company?
It's not a service I would personally use, but I have no reason to think the company providing the service doesn't know what they are doing.
> I work for to discredit you personally
If this refers to me, I was not attempting to discredit anyone.
I wanted to ensure people didn't think this was another of the "they store passwords in plain text because they don't know what a hash function is" stories we see every few days.
If you are interested in password security, why not write an article about Tesco?
One of the first rules I learnt in web development is this: you do not store passwords (http://www.codinghorror.com/blog/2010/12/the-dirty-truth-abo...). You never assume that your system will be so secure that no one can hack it.
And even then, allowing a 3rd party to back up your emails is a very dangerous thing to do. They say that credit card is more dangerous; I say no. For credit cards you can claim fraud.
When your email gets hacked, potentially your whole digital life is gone.
So yea. Not necessary.
Now, if you can demonstrate that this particular company has a particularly unsafe way of storing the passwords or the retrieved e-mails, then you're getting closer to having a valid point.
Part of the service they're offering is that they'll restore the contents of your mailbox in case of accidental or malicious deletion. I have
mail:/var/mail/associatedtechs.com/rob@associatedtechs.com# find . | wc -l
24846
...almost 25,000 messages in my mailbox. How do you recommend that they restore 25,000 messages to my mailbox without my account credentials?
They should go think about how they can design a service securely before offering it.
"We offer people an off-site backup at the cost of trusting a third party with their password."
Yes, this is my main point. People have to learn that they shouldn't be giving out passwords to just about anybody.
I think this guy in the comments here (http://blog.geeksphere.net/2012/09/27/response-to-dropmyemai...) made a pretty good point. Maybe you might want to answer his doubts there?
What I am saying is that there may be some things that you forget about, because we are all humans. And in order to mitigate the risk from us being humans, we should not store passwords in a way that is easily recovered.
IFTTT does the same exact thing for some of their "connectors" services. Maybe you should go after them too.
Where IFTTT fails is that they have not IMO adequately explained just how they store these passwords.
http://www.quora.com/How-does-ifttt-securely-store-passwords...
Don't just read some web article talking about "always hash passwords" and repeat it as mantra. This is good practice for 90% of the time but there are definite use cases where having reversible encryption of passwords is necessary.
Aside from the fallacy, it is a false argument to pose all risk as bad. Given what is presumed to be your idea of acceptable risk, I would expect you to surf the net behind 7 proxies: http://knowyourmeme.com/memes/good-luck-im-behind-7-proxies
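Added example (not part of the original thread, and not Dropmyemail's code): the distinction argued above, between a site hashing passwords to verify its own users and a service that must log in to someone else's IMAP server, shown with the two IMAP authentication commands. The function names, the sample account and the token are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # constructed work factor for this example


def hash_password(password: str, salt: bytes) -> bytes:
    """One-way digest: enough to verify a login to *your own* site."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def verify_password(candidate: str, salt: bytes, stored: bytes) -> bool:
    """Constant-time comparison of a fresh digest against the stored one."""
    return hmac.compare_digest(hash_password(candidate, salt), stored)


def imap_quote(value: str) -> str:
    """IMAP quoted string: backslash-escape backslashes and double quotes."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def imap_login_command(tag: str, user: str, password: str) -> str:
    """LOGIN carries the password itself, so the client must be able to recover it."""
    return f"{tag} LOGIN {imap_quote(user)} {imap_quote(password)}"


def imap_xoauth2_command(tag: str, user: str, access_token: str) -> str:
    """XOAUTH2 carries a revocable bearer token; the password is never held."""
    raw = f"user={user}\x01auth=Bearer {access_token}\x01\x01"
    return f"{tag} AUTHENTICATE XOAUTH2 {base64.b64encode(raw.encode()).decode()}"


if __name__ == "__main__":
    user, password = "alice@example.test", 'pa"ss\\word'  # constructed sample
    salt = os.urandom(16)
    digest = hash_password(password, salt)
    # The digest verifies a login locally...
    print("local verify:", verify_password(password, salt, digest))
    # ...but only the real password forms a LOGIN the mail server will accept.
    print("with password:", imap_login_command("a1", user, password))
    print("with digest:  ", imap_login_command("a1", user, digest.hex()))
    # Where the provider supports it, a token replaces the stored password.
    print("with token:   ", imap_xoauth2_command("a2", user, "constructed-token"))
```

A stored digest is useless for the third command-line case here, which is why a backup service either keeps a recoverable secret or uses OAuth; the token variant limits the damage of a breach to something the user can revoke.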