May 28, 2008
Bullguard has released a patch for the security hole in its backup software that was discovered recently by heise Security. Because the client did not check the server’s certificate, attackers could break into the connection as a man in the middle and sniff encrypted administration information on the wire.
Theis Søndergaard, CTO of BullGuard, told heise Security that the update is being distributed by the client’s automatic update function. Update release has been scheduled for 26-28 May.
Below is the official announcement from BullGuard:
May 26, 2008
A vulnerability in BullGuard Backup has been discovered and patched. The patch is being automatically distributed to all users of BullGuard Backup. No user-action is needed to receive the patch.
As disclosed in the online magazine Heise.de Friday May 23 2008, a number of Online Backup services are exposed to a vulnerability, compromising the security of the traffic between the end-user and the backup servers. The story can be found here
BullGuard has investigated the issue, and confirmed that BullGuard Backup was vulnerable to the attack described, due to not properly verifying the SSL certificate on the server, as otherwise designed. We have created a patch for this issue, which is currently being released through the auto-update feature in BullGuard Backup. The release-schedule for the patch is as follows:
- Monday, May 26 2008, 6PM: German, French, Spanish, Dutch
- Tuesday, May 27 2008, 10AM: Danish
- Wednedsay, May 28 2008, 10AM: English
No action is required by the user to receive the patch, as it is released through our auto-update system.
Kind regards
The BullGuard Team
Related Story:
German Reviewer Finds Carbonite and Mozy as Secure, but Four Others Insecure
Related posts:
- Update Version Patch Released for Vulnerability in Ahsay Backup
- BullGuard Releases BullGuard Backup as a Retail Product
- BullGuard security to ship with Optima PCs
- German Reviewer Finds Carbonite and Mozy as Secure, but Four Others Insecure
- REVIEW of 10 Online backup Companies: Carbonite, BT Digital Vault, IDrive, Diino, MozyHome, Steganos, IBackup, BullGuard, SkyDrive and Mamut
Top 25 Online Backup Rankings
- Top 25 for December 2008
- Top 25 for November 2008
- Top 25 for October 2008
- Top 25 for September 2008
- Top 25 for August 2008
Most Recent Reviews
- Review: Live Mesh, Skydrive and Office Live Online Storage
- Review: OPENRSM CloudBackup Online Backup
- Review: DataDepositBox Online Backup
- Review: Evault Online Backup
- Roadtest: Online Storage (MobileMe, JungleDisk, Mozy, Xdrive)
Search
Most Recent News
- Trust the UK Government with my Data? No way!
- Storage Technology Online Community (StorTOC) Launches
- Backup tapes heading for the waste bin, says new research report from Connect
- DataDirect Networks Posts 308-Percent Growth, Rises 24 Places in Latest Deloitte Technology Fast 500
- Waverley secures online backup and recovery services for NHS with i365 UK Ltd A Seagate Companyemail this article
- Stratify Introduces First eDiscovery Disaster Recovery
- Insurance for Data Is Increasingly Going Digital, Off-Site
- IASO Introduces Backup Server 5.0 for Windows
- Consolidation Reshapes Online Backup Market
- Simplifile and eFileCabinet Announce Integrated Electronic Document Management and Recording Solution
Links
Online Backup Feeds, Videos and More
Follow us at Twitter
Online Backup Related Videos
- Youtube Videos Tagged "Online Backup"
- Youtube Videos Tagged "Online Data Backup"
- Youtube Videos Tagged "Online Data Storage"
RSS feed for comments on this post · TrackBack URI
Leave a reply