Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I just read the actual whitepaper (https://github.com/kholia/dedrop/blob/master/paper/accepted/...) and one of the interesting takeaways is that this particular reverse engineering resulted in the discovery of actual vulnerabilities that were responsibly reported to Dropbox and patched.

Simply asking Dropbox how this stuff worked would've (probably) never uncovered these security issues.

Edit:

Just wanted to add one more benefit of this attempt at reverse engineering, from the whitepaper's introduction:

> Our work reveals the internal API used by Dropbox client and makes it straightforward to write a portable open-source Dropbox client



Do you ever find it amazing we still run closed sourced software?

Is it not bad enough the Microsoft and Adobe hegemony force the entire world to have an attack surface wider than Jupiter to exploit at the whims of eastern european teenagers?


Open source alternatives exist for most major Microsoft and Adobe products. It is just a question of how much user experience you are willing to sacrifice for safety.

And open source products are not inherently safe--vulnerabilities are found in all software products, that is not a phenomenon limited to the closed source world.


This isn't true.

Adobe's suite isn't just 'user experience'. It's functionality.

Show me an open source alternative to Premiere, or After Effects, or even easier: InDesign, Photoshop, Illustrator, Edge.

I bet for any open source alternative you find, I can show you a huge set of features that everyone uses, that it doesn't have.


In the real world, when you talk to people (serious Business People doing Business Things), they'll spout of gems of "can you send it to me in Adobe?" or "hey, is Adobe on this machine?"

I'm not too worried about exploits in After Effects or Lightroom.

Adobe = "pdf reader" to almost every computer user in the world. Adobe even took PDF out of their product name to just call it "Adobe Reader." (More appropriate name: Adobe Helps Hackers Slurp All Your Data Away ... Reader)

With Windows + Office + IE + Adobe Reader, you'll be safer just sending the bad guys your corporate secrets directly. It'll save you the shock of when you discover for the past six months all your data has been round robin copied to BIRC.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: