Re: Box's client security

[Morrow Long <morrow.long () YALE EDU>]

We've done a security review and I also have a security review and comments
from other schools in the Internet2 early adopters group for BOX.
(They are subject to re-distribution conditions from another list)

There will be a security webinar on May 8th (@1pm PST) by Box.NET on BOX
Security Architecture being given for the Internet2 / InCommon schools --
the BOX/Internet2 announcement of the final agreement for higher ed:

https://lists.internet2.edu/sympa/arc/i2-news/2012-04/msg00000.html
                                ...
Box will also be holding a security webinar on May 8, 2012, at 1pm PST to 
review the security architecture of Box. To join this webinar, please
register at: 

https://boxwebinars.webex.com/boxwebinars/onstage/g.php?t=a&d=664763416
                                ...

Morrow

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Martin Manjak
Sent: Friday, April 20, 2012 11:28 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Box's client security

The security provisions of The I2 NET+Box offering look good from the
provider's perspective.

We know there were problems at both ends with Dropbox (encryption keys and
the ability to manipulate the identifier on the local client).

Box looks like they've addressed the hosting side concerns, but I haven't
seen any discussions yet of how the client works (authentication,
synchronization).

Can anyone speak to this?
Marty

-- 

Martin Manjak
CISSP, GIAC GSEC-G
Information Security Officer
University at Albany
MSC 209 518/437-3813

The University at Albany will never ask you to reveal your password.
Please ignore all such requests.

Attachment: smime.p7s
Description: