security software web services

Why Sugarsync rocks more than Dropbox, and how to get free space

Sugarsync vs Dropbox

Don’t know what Sugarsync is? In a few words: Easy backup, 5 GB of free space, and an easy way to share your files (especially the big ones) with other people.

If you want even more free space than those 5 GB, use this link to sign up. That way I will get some more space, and you too! And if you decide to sign up, you will get 10GB for free, on top of the package you choose.

So why should you bother with Sugarsync?

If you, like me, need to be able to send huge files wherever you are, you know how hard a task that can be. Even if you have the huge file on your laptop AND the laptop with you, you will often need to try to find a good hotspot, or connection on your mobile device. And if your luck is as bad as mine – that connection will suck.

With Sugarsync you can have all your huge work files uploaded as you create them, as well as previous versions of them online – so you are safe in case of a disk crash (god forbid!). But the really cool part is that you can use their apps on Android or iPhone to easily share that huge file with anyone you want to.

Why Sugarsync is better than Dropbox

While its possible to put something together with Dropbox to do backups of folders etc, you have to set up all kinds of extra programs or scripts to do it. With Sugarsync you just tell the Sugarsync client (Windows and Mac) what folders to sync, and you are done.

Size matters

If you are going to use a service like Dropbox, iCloud or Sugarsync for backups, and you actually have something to backup – it will become pretty clear that you will need more space. With Sugarsync that is no problem. Sugarsync has a plan that allows you 500 GB of space, thats 5 times more than Dropbox and 10 times more than iCloud! But you can choose whatever plan you like, and most of the time Sugarsync will be less expensive than its competitors.

Easy sharing

With Dropbox you need to make sure that the files you want to share is put in the public folder, with Sugarsync you can share any file you have made backups of, by creating a public link (they stay private to anyone that don’t know that spesific link).

Sharing a file from your backup with someone using Sugarsync is just a matter of finding your file on your computer, right clicking and choosing “Get public link” and you are ready to send the link to the file to anyone you want to. Or you can use the app and have that send off an e-mail with the link.

What other differences are there between Sugarsync and Dropbox?

Sugarsync has made this video that really tells more than all the words I have already wasted, sorry to spring it on you so late in the article ;)

What are you waiting for? Get backup-ing and get your free 5 GB of online storage now.

flash security

Flash Player Cross Server Scripting Security Issue

As reported on the 5th of June 2002 in a paper from Eyes On Security (Bypassing JavaScript Filters – the Flash! Attack), Flash SWF content can allow malicious users of web sites that allow users to upload or include SWF content to get access to information (cookies etc) that they aren’t supposed to have access to.

Today Macromedia has released a security tech note about the issue: Macromedia: MPSB02-08 – Macromedia Flash Player Cross Server Scripting Security Issue

It describes the problem in detail, and most interestingly offers a solution to the problem. Macromedia is announcing that they will be releasing a new version of the Flash 6 player in July, which will allow for a new PARAM/EMBED tag when including Flash content in an HTML page. The new parameter will be called “AllowScriptAccess” and can be set to “always” or “never”. When set to “never” it would disallow outbound scripting (ActionScript getURL() actions that specify a scripting statement).

[Via Mike Chambers]

flash security

Flash Cross-site scripting attack

Eyes on security has released a warning about Cross-site scripting attacks made possible on sites that allow uploadable files – Bypassing JavaScript Filters – the Flash way

Basically, if you have a forum or pages where you allow users to upload files, the user will still be able to execute JavaScript through the SWF file, even if posting of JavaScript is disabled in the forum/on the pages. Allowing JavaScript execution allows malicious users to catch other users cookies from the domain the file is placed.

The solution? Not allowing SWF files to be uploaded and displayed by default.

[Via FlashGuru via]

security software

Opera not so safe after all

Opera is a browser that I have often mentioned whenever vulnerabilities in Internet Explorer has been published (which happens a lot more often than I comment on it, but thats a digression).

But all was not good in the paradise of the Opera browser I found out today.

The Register writes:

vulnerability in Opera 6.01 and 6.02 for Windows allows a malicious Web site to grab any file off a client’s local drive with ease, GreyMagic Software has discovered. That’s the bad news. The good news is that affects only Windows, and it’s fixed in version 6.03 which is now available for download. Version 6.0 is not affected.

If you are using Opera, it would be wise to go get it updated.

[Via The Register]

news from the web security

More Internet Explorer vulnerabilities

If you are a Windows/Internet Explorer user, please pay attention.

Quote from the Technote:

Impact of vulnerability: Six new vulnerabilities, the most serious of which could allow code of attacker’s choice to run.


Get the 2 MB security fix from Microsoft or

Get the fastest browser on earth (Opera). Its also a good browser to try if you are on Linux or Mac.

flash security

ActiveX flaw exposes Flash users to hacks

Via Flazoom:

ActiveX flaw exposes Flash users to hacks

ZDNet writes about a buffer overflow vulnerability in the previous version of the Flash 6 player (revision 23), the overflow allows for attacks via some HTML e-mail clients and when visiting malicious web sites. The problem only exist for Internet Explorer on the Windows platform.

If you haven’t already, its a good idea to update to the latest version of the Flash 6 player – the update fixes the overflow vulnerability, and also fixes some other serious bugs in the Flash 6 player.

news from the web security

More security problems found in IE

If you are using Internet Explorer as your browser, using the back button could expose you to malicious code.

Microsofts reaction?
«because the proposed exploit scenario is dependent upon specific user interaction as a prerequisite, it does not meet our definition of a security vulnerability.»

Another Big MS Browser Hole Found

The security fix? Switch to Opera today.