
Jack Rhysider

3924 total appearances

Podcast Appearances

Darknet Diaries
148: Dubsnatch

Yeah. But it's a backdoor in a way that I never thought it would be a backdoor, right?

Darknet Diaries
148: Dubsnatch

Nope, just a share link. Oh, yeah. It gives you a totally different perspective of what a backdoor even is.

Darknet Diaries
148: Dubsnatch

I'm just sitting here thinking about this, letting it sink in. A backdoor is built into all the file sharing sites like Box.com, Google Drive, iCloud, Proton Drive, Dropbox, whatever. Because if there exists a shared folder link, anyone with that link can see into that folder. It's a feature of the site itself. You can't take that away or it ruins the point of the site.

Darknet Diaries
148: Dubsnatch

And what you think is yours and private really isn't if there are public links to it. When you make something shareable and you say, only people with this link can see this file, it feels like this is still private, but it's not. It's security through obscurity. Your link is hidden, but not secure. And if that link gets out, it's viewable by anyone without a username or password.

Darknet Diaries
148: Dubsnatch

And I've been doing cybersecurity for decades and nobody is talking about auditing Dropbox links to make sure only the stuff that should be public is public. Because every file and folder may have that option and going through them all is simply unreasonable to do by hand.

Darknet Diaries
148: Dubsnatch

And when you're moving at the speed of business, nobody's going back to clean up or check what folders have sharing links or what don't. I say it's best to treat everything on your cloud storage as if it is publicly accessible and only temporarily put things up there if you want to share it with someone privately and then remove it as soon as they get it.

Darknet Diaries
148: Dubsnatch

I also want to draw your attention to websites like urlscan.io. This is a site that is attempting to look at URLs to see if they're safe or malicious. But users can go there and search the site to see what URLs are in the database. And sometimes you can find URLs that probably shouldn't be in the public, but they are.

Darknet Diaries
148: Dubsnatch

Imagine if you take a photo of your kid and it's on Google Drive, but then you want to create a link to show it to grandma. And you specifically say, only people with this link can see this photo. And you email the link to grandma. Well, then grandma has some browser plugin that examines all the links to make sure they're safe to click.

Darknet Diaries
148: Dubsnatch

So when this link gets examined somewhere, bingo, bango, suddenly that link to your kid's birthday party is now floating around on the internet in all kinds of databases, being clicked on by who knows who. URL scan collects links like that. Hybrid analysis is another tool. Cloudflare Radar URL scanner is another. Not to mention, DNS providers all over the world are logging things too.

Darknet Diaries
148: Dubsnatch

It's not just Google Drive and Dropbox. There are tons of other online storage websites that you could look for. iCloud, Box.com, Sync, Ignite, IONOS, Hydrive, AWS S3 Buckets, Proton Drive, and so many more. The list goes on and on. So the data is available. It's just a matter of sifting through it to find something juicy.
