The paper goes to great lengths to explain how Dhiru and Przemyslaw successfully gained access to a victim’s Dropbox account and files. The two also note in the paper that with each new version of Dropbox, the developers were able to harden the client’s security, which in turn eliminated one or more attack vectors.
Essentially they figured out how Dropbox auto-authenticates you into Dropbox.com when you click the link to launch the website from the app. What always worries me about these types of hacks, as it worries Kassner, is how long they have been in the wild without anyone knowing.
I don’t feel nearly as optimistic about Dropbox security as Gabe does. It feels to me that the better target for hackers now is services like iCloud, Dropbox, and SkyDrive instead of attacking OSes. Why bother attacking a physical machine running Windows or OS X, if you can instead target a service that stores the actual files for millions of physical machines?
I feel like this is just the tip of a very large iceberg surrounding cloud file storage.