Sharp developers != sharp developers who understand how to properly implement security into product.
I think it's been shown multiple times that smarts devs that do not do security all the time still are susceptible to making mistakes about security. IMO, this is one of those cases.
Miguel is right in calling for an audit but even better, Dropbox could just ask for help. I'm sure any number of savvy HN peeps would be happy to help.
I think it's been shown multiple times that smarts devs that do not do security all the time still are susceptible to making mistakes about security. IMO, this is one of those cases.
Miguel is right in calling for an audit but even better, Dropbox could just ask for help. I'm sure any number of savvy HN peeps would be happy to help.