06/11/2008

100 online backup services (including COMBELL) may be vulnerable to attacks

Some on-line backup services fail to provide adequate security, meaning attackers can read and even change the data being backed up or restored when it's transmitted over the internet. Tests by heise Security show that four of the six services tested were vulnerable to attack.

While all of the tested systems encrypt communication with the backup server using SSL, external attackers can sniff the access code as plain text by acting as a man-in-the-middle (MITM) if the locally installed backup software does not perform sufficiently rigorous checks on the authenticity of the server's certificates. In the vulnerable systems, we were able to hijack the connection from the client software to the backup servers

http://www.heise-online.co.uk/security/Some-online-backup...

More than 100 services are vulnerable, among them services in Belgium.
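The weakness described above comes down to how the backup client configures its TLS context. The sketch below is an added example, not code from heise Security or from any of the tested products: it audits a Python `ssl.SSLContext` for the two checks that stop a man-in-the-middle and refuses to send credentials when either is missing. The function names and the `LOGIN` wire format are hypothetical.

```python
import socket
import ssl


class UnsafeTLSConfig(Exception):
    """Raised when a context would accept an unauthenticated server."""


def audit_context(ctx):
    """Return the reasons this TLS context would accept an impostor server."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("certificate name is not matched against the host")
    return findings


def weak_context():
    """Encrypts the link but authenticates nothing (the vulnerable pattern)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def chain_only_context():
    """Verifies the chain, but a valid certificate for any other name passes."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    return ctx


def login(host, port, user, password, ctx):
    """Send credentials only over a channel whose server was authenticated."""
    findings = audit_context(ctx)
    if findings:
        # Refuse before any socket is opened, so nothing can be sniffed.
        raise UnsafeTLSConfig("; ".join(findings))
    with socket.create_connection((host, port), timeout=10) as raw:
        # wrap_socket completes the handshake; an untrusted or mismatched
        # certificate raises ssl.SSLCertVerificationError at this point,
        # before the sendall below is reached.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(f"LOGIN {user} {password}\r\n".encode())  # hypothetical protocol
            return tls.recv(1024)
```

`ssl.create_default_context()` passes the audit unchanged, which is why a client should start from it and not from a hand-built context.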

11:38

Comments

Memopal assures a high level standard of data security

Memopal is constantly evolving its security model to assure a high level standard of data security.
In Memopal's infrastructure, all the connections between client and server are SSL-encrypted using a server-side certificate, and every connection to a server having an untrusted certificate is refused by the client to prevent man-in-the-middle attacks.
The authentication phase starts only after a valid SSL connection is established, so when a fake certificate is proposed to the client no username or password is sent from the client to the server.

Moreover, to install the Memopal client it is necessary to gain a privileged user account, so nobody may have installed Memopal on your PC to steal your data.

Data are transferred encrypted from the client to the server, and are stored in an encrypted FS, also distributed in chunks with a RAID-5-like policy.
Looking inside the MGFS (Memopal Global File System), it's impossible to know who owned the backed-up file and the original filename. So if someone takes a storage unit from the Memopal infrastructure, he never has access to common-sense information to disclose.

The data structure that contains the associations between the file and the owner is also encrypted and not accessible to the support people during the support phase.

In the current beta release we are testing client-side certificate validation to prevent possible server-side attacks.

Memopal is online backup and online storage software that archives your files in real-time to a remote server. It doesn't matter how many times you change computers: You will always know where your data is. You can browse all your files from any internet location or internet-ready cell phone. You can share with friends and co-workers files that are too big to send through email.

Andrea Cecchetti
Chief Information Security Officer - Memopal

Posted by: Memopal | 06/11/2008


Well… I visited your website for the first time and found this site very useful and interesting! Well… you guys are doing nice work and I just want to say keep rocking and keep it up!!!!
Adam
[url=http://www.storageguardian.com]remote backup service[/url]

Posted by: Adam | 09/29/2009
