
Security culture, the Dropbox way

21 points | apu | 7 years ago | blogs.dropbox.com

13 comments


pvg|7 years ago

I'm sure Dropbox takes security seriously and works hard at it but this piece doesn't tell me a lot more than that except in much longer form. You can find/replace 'trust' (and 'security') with 'truck' and come away as informed and potentially slightly more amused.

tlb|7 years ago

Some informative parts that keep their meaning under s/trust/truck/g include:

"... daylong social engineering workshop designed and led by internal experts that immersed them in a hypothetical scenario involving a malicious insider."

"... a hands-on workshop where Dropbox employees researched, crafted, and presented their own phishing schemes."

"... our annual Capture the Flag"

It's interesting the emphasis on social attacks. You only have to get the cryptography right once, but every employee needs to defend against social engineering.

dokem|7 years ago

The harder a company tries to sell their philosophy the less I'm inclined to believe them. Words are cheap.

java-man|7 years ago

A better approach would be implementing a zero-knowledge storage infrastructure, like tarsnap.

pvg|7 years ago

These sorts of hills grow to mountains with the bones of hopeful pedants who die on them. But I think there's still a chance to hold this one. That's not what 'zero knowledge' means, it's a technical term for a different thing.
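The distinction pvg is drawing is easier to see with the actual construction. What follows is an added example and not code from the thread, from Dropbox, or from tarsnap: an interactive Schnorr proof of knowledge in Python, where a prover convinces a verifier that it knows x with y = g^x mod p, and a simulator produces accepting transcripts without x at all, which is exactly the property the term "zero knowledge" names. The group parameters p = 23, q = 11, g = 4 are toy-sized values assumed here for illustration only.

```python
# Added example (not from the original thread): interactive Schnorr zero-knowledge
# proof of knowledge of a discrete log, showing what "zero knowledge" means as a
# term of art. Group parameters are toy-sized and assumed for illustration only:
# p = 2q + 1 with q prime, and g generates the subgroup of order q in Z_p^*.
import secrets

P = 23
Q = 11
G = 4  # 4 has order 11 modulo 23


def keygen():
    """Prover's secret x and public value y = g^x mod p."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def prover_commit(r=None):
    """Round 1: prover picks a fresh nonce r and sends t = g^r mod p."""
    r = secrets.randbelow(Q) if r is None else r
    return r, pow(G, r, P)


def verifier_challenge():
    """Round 2: verifier sends a random challenge c in [0, q)."""
    return secrets.randbelow(Q)


def prover_respond(x, r, c):
    """Round 3: prover answers s = r + c*x mod q."""
    return (r + c * x) % Q


def verify(y, t, c, s):
    """Verifier accepts iff g^s == t * y^c mod p."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P


def honest_run(x, y):
    """One full interactive run between an honest prover and verifier."""
    r, t = prover_commit()
    c = verifier_challenge()
    s = prover_respond(x, r, c)
    return (t, c, s), verify(y, t, c, s)


def simulate_transcript(y):
    """Produce an accepting transcript WITHOUT knowing x by choosing c and s first
    and solving for t = g^s * y^(-c). Because anyone holding only the public y can
    generate transcripts with the same distribution as real ones, the transcript
    reveals nothing about x. This simulator is the zero-knowledge property."""
    c = secrets.randbelow(Q)
    s = secrets.randbelow(Q)
    y_inv_c = pow(pow(y, c, P), -1, P)  # modular inverse, Python 3.8+
    t = (pow(G, s, P) * y_inv_c) % P
    return (t, c, s)


def extract_secret(c1, s1, c2, s2):
    """Soundness side: two accepting transcripts that share a commitment t but have
    different challenges leak x = (s1 - s2) / (c1 - c2) mod q. This is why the nonce
    r must never be reused, and why a prover without x only succeeds with
    probability 1/q (it must guess c before committing)."""
    return ((s1 - s2) * pow((c1 - c2) % Q, -1, Q)) % Q


if __name__ == "__main__":
    x, y = keygen()
    transcript, ok = honest_run(x, y)
    print("honest run accepted:", ok, transcript)
    fake = simulate_transcript(y)
    print("simulated transcript accepted:", verify(y, *fake), fake)
```

The simulator is the whole point: the verifier ends up with data it could have produced itself, so it learned nothing beyond the fact that the statement is true. What tarsnap and similar designs offer is different: the client encrypts before upload, so the provider holds ciphertext it cannot read. That is confidentiality from the provider, not a zero-knowledge proof, and the two are worth keeping separate.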

myWindoonn|7 years ago

We call this "provider-independent security" in capability theory; the idea is that a security guarantee, like privacy or confidentiality, is inherent in the construction regardless of who is providing the service.