Categories
Blog Archives
Mozy and Carbonite receive high marks in security
Posted by Joe on June 2nd, 2008
A recent test of online backup services by a German computer security publication Heise found that Mozy and Carbonite were the two most secure services with extensive protection against many types of common hacker attacks.
Heise concluded that each of the six online backup services tested did use fairly complex security measures but, in some cases, they left elementary loopholes open to curious criminals. As stated in the Heise report:
[Online backup services] say they store customer data safely, some of the elementary security measures they take are implemented so carelessly and unprofessionally that they can easily be overcome.
Mozy and Carbonite, the only two services that we have reviewed which were included in the Heise testing, both successfully thwarted all attempts by testers to gain unauthorized data stored on either service. Heise gave the slight edge to Mozy as the test team preferred the companies handling of certain types of hacker attacks.
While we already think very highly of both these services, we are glad to see some additional independent verification of their quality from a security perspective. You can learn more about Mozy, Carbonite and other online backup services by viewing our online backup service comparison.
4 Responses to “Mozy and Carbonite receive high marks in security”
Leave a Reply
About Us Blog Contact UsTerms & Privacy PolicyAffiliate ProgramSite map
Copyright© 2006 - NextAdvisor.com - All rights reserved.
June 17th, 2008 at 11:50 am
[...] DivShare is not one of the online backup services we have reviewed and recommended. As we posted a couple of weeks ago, Mozy and Carbonite, two of the services that we do recommend, were recently found to be the two most secure online backup services according to Heise, a German computer security publication. Both successfully thwarted attempts by all testers to gain unauthorized data stored on either service. To learn more about Mozy, Carbonite and other online backup services we have reviewed, view our online backup service comparison. Please share this post: These icons link to social bookmarking sites where readers can share and discover new web pages. [...]
June 26th, 2008 at 12:34 am
Memopal assures a high level standard of data security
In Memopals' infrastructure every connection to a server having an un-trusted
certificate is refused by the client to prevent the Man in the middle attack.
Memopal is constantly evolving its security model to assure a high level standard of
data security.
In Memopals' infrastructure, all the connection between client and server are SSLencrypted
using server-side certificate and every connection to a server having an
un-trusted certificate is refused by the client to prevent the Man in the middle attack.
The authentication phase starts only after a valid SSL connection is established, so
when a fake certificate is proposed to the client no username or password is sent
from the client to the server.
Moreover, to install the Memopal client is necessary to gain a privileged user
account, so nobody may have installed Memopal on your PC to steal your data.
Data are transferred encrypted from the client to the server, and are stored in an
encrypted FS also distributed in chunks with a RAID-5 like policy.
Watching inside the MGFS (Memopal Global File System) it's impossible to know
who owned the backuped file and the original filename. So if someone takes a
storage unit from the Memopal infrastructure, he never has access to a common
sense information to disclose it.
The data structure contains the associations between the file and the owner is also
encrypted and not accessible to the support people during the support phase.
In the current beta-release we are testing a client-side certificate validation to prevent
possible server-side attack.
Memopal is online backup and online storage software that archives your files in realtime
to a remote server. It doesn't matter how many times you change computers:
You will always know where your data is. You can browse all your files from any
internet location or internet-ready cell phone. You can share with friends and coworkers
files that are too big to send through email.
Andrea Cecchetti
Chief Information Security Officer – Memopal
June 26th, 2008 at 9:13 am
Hi Andrea,
Thank you very much for stopping by and for leaving the detailed information regarding MemoPal's security infrastructure. We will take a look at your service and evaluate it for inclusion on our comparison of online backup services.
Thanks again,
Joe
January 29th, 2009 at 1:51 pm
So how does the user KNOW that the encryption, password protection, authentication, etc. actually occur? Is there a 'certification' that examines the actual practices of companies engaging in for-profit secure internet data transfer? How do I know that Carbonite isn't a front; that they don't simple *assert* that all of the security is in place, and actually they just collect all their user's data and sell it to the highest bidder, or run search engines to extract salable data? HOW DO I KNOW?????
In the old days (mainframes) security was PHYSICAL; if you didn't want someone to access your data, you locked up the tape…