- security News Forums
- > Some online backup services insecure
- > BackupAgent highle values preventing these kind of MITM attacks
Posting 
BackupAgent highle values preventing these kind of MITM attacks 28 May 2008 13:02
As a supplier of online backup software BackupAgent
(www.backupagent.com) highly values preventing these advanced hacker
scenarios and embedded security measures agains these
'man-in-the-middle attacks' performed by Heise.
BackupAgent protects its customers to these attacks using the
following measures:
- The client only allows connections to servers that provide correct
SSL-information, including root-certificates and private keys.
- Passwords are being hashed before they are added to service
requests
- A message signature is added to each request, which are encrypted
using a checksum.
A careful reader of Heise's article might notice that the biggest
problem is not that the hacker can intercept sensitive information,
but also that he/she can easily abuse this information to fire
commands that cause the server to perform damaging actions, like
removing data. A good security protocol should not only prevent
interception of information, but also prevent abusing this
information. This can be done by obfuscating server functionality to
unauthorized visitors. Apparently competitors of BackupAgent fail in
taking appropriate measures in both cases.
- Threaded View
- Flat View
