Data Backup Digest


Are Your Backups Safe After Heartbleed?

Heartbleed is the name for a vulnerability that hit the internet at the start of April this year. It affected a huge number of websites and prompted many people to change their passwords. You’ve probably seen notices on some of your regularly visited websites telling you about Heartbleed. But what is it?

Heartbleed affects something called OpenSSL. This is open-source software that encrypts sensitive information on the web. It has been in existence for a long time and it’s free, making it a popular choice for website development; users include services like Google and Facebook.

A feature was added to OpenSSL two years ago by a programmer called Dr. Robin Seggelmann. This feature was called Heartbeat and helps servers that use OpenSSL to talk with computers, sending pieces of data back and forth.

However, a coding error meant that a visitor to a website could ask the server to send back more data than it should, and that extra data came from the server's memory; it could include information like login details.

A patch was made to rectify the error when it was discovered, and at the time of writing every site using OpenSSL should now be protected from the flaw.
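The flaw and the corrected check described above, as an added example rather than OpenSSL's own code: a toy in-memory model of a heartbeat handler in which the `arena` struct, `hb_respond` and `demo` are hypothetical names and all data is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_PADDING  16  /* minimum padding after the payload (RFC 6520) */

/* Constructed stand-in for server memory: record, then unrelated data. */
struct arena { uint8_t record[32]; char other[32]; };

/* Build a heartbeat response in out. rec_len is the number of bytes that
 * actually arrived. Returns the response length, or 0 if discarded.
 * check_bounds == 0 reproduces the flaw; 1 is the corrected form. */
size_t hb_respond(const struct arena *a, size_t rec_len, int check_bounds,
                  uint8_t *out, size_t out_cap)
{
    const uint8_t *mem = (const uint8_t *)a;
    if (rec_len < 3 || rec_len > sizeof a->record || mem[0] != HB_REQUEST)
        return 0;
    size_t claimed = ((size_t)mem[1] << 8) | mem[2];  /* client-supplied */
    /* The fix: header + claimed payload + padding must fit in what arrived. */
    if (check_bounds && 3 + claimed + HB_PADDING > rec_len)
        return 0;
    /* Demo guard only: keep the unchecked path inside the toy arena. */
    if (3 + claimed > sizeof *a || 3 + claimed > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = mem[1];
    out[2] = mem[2];
    memcpy(out + 3, mem + 3, claimed);  /* copies 'claimed' bytes, not rec_len */
    return 3 + claimed;
}

/* Constructed request: 4-byte payload "ping"; caller picks the length field. */
size_t demo(uint16_t claimed, int check_bounds, uint8_t *out, size_t out_cap)
{
    struct arena a;
    memset(&a, 0, sizeof a);
    a.record[0] = HB_REQUEST;
    a.record[1] = (uint8_t)(claimed >> 8);
    a.record[2] = (uint8_t)(claimed & 0xff);
    memcpy(a.record + 3, "ping", 4);
    memcpy(a.other, "UNRELATED-SERVER-DATA", 21);
    return hb_respond(&a, 3 + 4 + HB_PADDING, check_bounds, out, out_cap);
}
```

With the check enabled, a request whose length field exceeds what was received is dropped; without it, the response carries bytes from `other` that the client never sent.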

It is believed that only around 17.5% of servers were directly impacted by Heartbleed. The vulnerability was around for two years, but the only data breach currently known was of Canada’s tax records. As it stands, it was quite difficult for hackers to exploit, so it is likely that personal data was kept secure.

You might be wondering whether your specific backup service is safe or not after Heartbleed. The best advice that can be given is to check your provider’s official website and see if they have any information posted about it, perhaps on their blog. If not, you might want to email them or give them a call to see if they can offer any details.

Nevertheless, it’s always better to be safe than sorry. That is, there’s no harm in changing your passwords just to make sure. In fact, that’s a process that you should probably get into semi-regularly – again, better to be safe.

CrashPlan: Affected, with a patch implemented on the 8th of April. They recommend changing your password.

SugarSync: Not affected as they didn’t use the version of OpenSSL that was affected.

BackBlaze: Also not affected due to using a different version of OpenSSL that wasn’t vulnerable.

SOS: Doesn’t use OpenSSL at all, so wasn’t affected.

SpiderOak: Affected, but they weren’t using the affected OpenSSL version on their public cloud backups. They implemented a patch and there’s no need to change your passwords.

Dropbox and Box, which are popular cloud storage services rather than backup services specifically, were also affected, and they recommend that you change your password.

For those who need to change their passwords, remember to combine letters, numbers and special characters, make it long and don’t use personal details that people could guess. Additionally, don’t use simple and easy to guess passwords. Finally, use a different password for every backup account you have (if you use more than one).

