European Backup Services Vulnerable to Attack
2008-06-11 11:49:32 by Editor in IT Security - The IT Security Industry's Web Resource
 

Online backup is seen as a good strategy for preventing data loss in case of a disaster at a local datacenter or on a local machine. But apparently the software used by over 100 services is vulnerable to a man-in-the-middle attack, even though it uses SSL to secure the connection:

Tests by heise Security show that four of the six services tested were vulnerable to attack.

While all of the tested systems encrypt communication with the backup server using SSL, external attackers can sniff the access code as plain text by acting as a man-in-the-middle (MITM) if the locally installed backup software does not perform sufficiently rigorous checks on the authenticity of the server’s certificates. In the vulnerable systems, we were able to hijack the connection from the client software to the backup servers.

Four of six may not be a large test sample, but it does raise concerns about trust between customers and their service providers. If you’re providing or purchasing this kind of service, you might want to look into it closely to make sure your data is secure.
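
The certificate checks that the heise excerpt says vulnerable clients skipped, shown as an added Python example that is not from the article, heise Security or any of the tested products. The function names, the optional pin check and the `open_backup_channel` entry point are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl


def weak_context():
    """Encrypts the session but accepts any certificate: the flaw described."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # has to be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE   # chain is never validated
    return ctx


def strict_context():
    """Validates the chain against trusted CAs and matches the host name."""
    return ssl.create_default_context()  # CERT_REQUIRED, check_hostname=True


def audit(ctx):
    """List the reasons this client context would accept an impostor server."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("certificate is not matched to the server name")
    return findings


def pin_matches(der_cert, pinned_sha256_hex):
    """Optional extra check (assumption): SHA-256 of the DER cert equals a pin."""
    actual = hashlib.sha256(der_cert).hexdigest()
    return hmac.compare_digest(actual, pinned_sha256_hex.lower())


def open_backup_channel(host, port, pinned_sha256_hex=None):
    """Hypothetical client entry point: authenticate the server first, and only
    then return a socket on which the access code may be sent."""
    raw = socket.create_connection((host, port), timeout=10)
    try:
        # Raises ssl.SSLCertVerificationError on an untrusted or mismatched cert.
        tls = strict_context().wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    if pinned_sha256_hex and not pin_matches(
            tls.getpeercert(binary_form=True), pinned_sha256_hex):
        tls.close()
        raise ssl.SSLError("server certificate does not match the pinned hash")
    return tls
```

Running `audit()` over the context a client actually builds gives a quick review check: an empty list means the handshake fails before any credentials leave the machine when the server cannot prove its identity.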

 
 
 
 
 
 