No quality without security
freeware, security and thoughts about risk

11-06-2008

100 online backup services (including COMBELL) may be vulnerable to attacks

Some on-line backup services fail to provide adequate security, meaning attackers can read and even change the data being backed up or restored when it's transmitted over the internet. Tests by heise Security show that four of the six services tested were vulnerable to attack.

While all of the tested systems encrypt communication with the backup server using SSL, external attackers can sniff the access code as plain text by acting as a man-in-the-middle (MITM) if the locally installed backup software does not perform sufficiently rigorous checks on the authenticity of the server's certificates. In the vulnerable systems, we were able to hijack the connection from the client software to the backup servers

http://www.heise-online.co.uk/security/Some-online-backup-services-insecure--/news/110771

More than 100 services are vulnerable, including services in Belgium.
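
The check that the vulnerable clients are described as skipping, written out as an added example (it is not code from heise Security, from any tested product or from this blog): a Python client that refuses to send its access code unless the TLS context verifies both the certificate chain and the server name. The `LOGIN` wire format, the host name and all function names are hypothetical.

```python
import socket
import ssl


class InsecureContextError(Exception):
    """Raised when a TLS context would accept a forged server certificate."""


def weak_context() -> ssl.SSLContext:
    """The failure mode: traffic is encrypted, but any certificate is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # has to be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE   # no chain validation at all
    return ctx


def strict_context(ca_file=None) -> ssl.SSLContext:
    """Chain validation against trusted CAs plus server-name matching."""
    return ssl.create_default_context(cafile=ca_file)


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return the reasons this context would let a man-in-the-middle through."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the server name")
    return findings


def login(host, port, username, access_code, ctx, timeout=10.0):
    """Send the access code only after a verified handshake (hypothetical protocol)."""
    findings = audit_context(ctx)
    if findings:
        raise InsecureContextError("refusing to authenticate: " + "; ".join(findings))
    with socket.create_connection((host, port), timeout=timeout) as raw:
        # wrap_socket() runs the handshake; an untrusted or mismatched certificate
        # raises ssl.SSLCertVerificationError here, before any credential is written.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(f"LOGIN {username} {access_code}\r\n".encode())
            return tls.recv(1024)
```
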


11-06-2008, 11:38:07 Open intelligence to combat ecrime
Security   General

Comments

29-09-2009, 13:52:16


Well… I visited your website for the first time and found this site very useful and interesting! Well… you guys are doing nice work and I just want to say keep rocking and keep it up!!!!
Adam
remote backup service: http://www.storageguardian.com

Adam
adambrown70@gmail.com

29-09-2009, 12:21:31

Hi


Perfect blog
Jany
remote backup service: http://www.storageguardian.com

sara
abc@gmail.com

29-09-2009, 12:19:22

Hiiii


This is a wonderful content. The things mentioned are undiversified and needs to be comprehended by everyone. The above cerebration is streetwise and doesn't demand any advance gain. It's perfect intellection from my take
Sara
remote backup service: http://www.storageguardian.com

sara
abc@gmail.com

11-06-2008, 17:53:40

Memopal assures a high level standard of data security


Memopal is constantly evolving its security model to assure a high level standard of data security.
In Memopal's infrastructure, all connections between client and server are SSL-encrypted using a server-side certificate, and every connection to a server having an untrusted certificate is refused by the client to prevent the man-in-the-middle attack.
The authentication phase starts only after a valid SSL connection is established, so when a fake certificate is proposed to the client no username or password is sent from the client to the server.

Moreover, to install the Memopal client it is necessary to gain a privileged user account, so nobody may have installed Memopal on your PC to steal your data.

Data are transferred encrypted from the client to the server, and are stored in an encrypted FS, also distributed in chunks with a RAID-5-like policy.
Looking inside the MGFS (Memopal Global File System), it's impossible to know who owned the backed-up file and the original filename. So if someone takes a storage unit from the Memopal infrastructure, he never has access to a common sense information to disclose it.

The data structure that contains the associations between the file and the owner is also encrypted and not accessible to the support people during the support phase.

In the current beta-release we are testing a client-side certificate validation to prevent possible server-side attack.

Memopal is online backup and online storage software that archives your files in real-time to a remote server. It doesn't matter how many times you change computers: You will always know where your data is. You can browse all your files from any internet location or internet-ready cell phone. You can share with friends and co-workers files that are too big to send through email.

Andrea Cecchetti
Chief Information Security Officer - Memopal

Memopal
press@memopal.com
http://www.memopal.com

Copyright
You can republish and link to parts of what you find here (not the whole thing) - except the comix, for which you have to ask me - as long as you don't ask money for it and attribute it with a link. Made For Adsense sites have no rights.