By Rob Cosgrove
Online Backup Software by Remote Backup Systems is unaffected by the “Heartbleed” vulnerability in OpenSSL that was revealed recently.
“OpenSSL” is a security protocol used by many companies to protect their websites and sensitive file transfers. A major vulnerability was recently disclosed in this open source module, which can result in the loss of very sensitive information like passwords, encryption keys, and the contents of files uploaded to Online Backup services.
Remote Backup Systems uses no open source modules in our software, so this catastrophic vulnerability does not affect any of our Online Backup software or any of our software used by our Partners.
It also does not affect any of RBS’ websites or portals, since all of our sensitive servers run on Microsoft Windows.
It DOES, however, affect Ahsay (1) and Vembu Storegrid (2). See below for citations. (This line was stricken because we have an unverified report challenging our assertion and we are granting the benefit of the doubt. These products ARE, however, affected by the following…)
Once again I’m warning you to steer clear of Online Backup solutions that use Open Source software. While there’s nothing intrinsically wrong with using Open Source, and MANY (if not most) companies use it in one form or another, it can seriously complicate security by making it next to impossible to keep the software that contains it up to date.
For example, one of the companies mentioned above uses at last count fifteen (15) open source modules in their software. Each open source module is being actively developed and upgraded by a separate team of people who do not work for the above companies, do not communicate with one another, and are under no obligation to notify the above companies that a security patch is available.
When a critical security patch is applied to any of these open source modules by their development teams, the correct procedure is for the company using it to immediately learn about the patch, patch their product, and then to push out a patch to their Partners, and for their Partners to immediately push out a patch to their end users.
See the problem here? With fifteen different teams working independently, it’s next to impossible for an Online Backup company to stay current on all patches, and far more impossible for them to distribute patches as quickly as they should, and even more impossible for Partners to upgrade their end users.
Proper security patch distribution for such a mix-and-match software product might require Partners to update their end users ten or more times per month!
RBS uses no Open Source software. We maintain up to date security patches and make it easy for our Partners to do so, too.
(1) http://www.google dot com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0CCgQFjAA&url=http%3A%2F%2Fwww.ahsay.com%2Fdownload%2Fdownload_document.jsp%3FdocumentName%3Dprd_admin&ei=XtFGU527MfKkyAHutYC4CA&usg=AFQjCNFFgv9BoWe3PY4_T9pUFAVX5jP-RQ&bvm=bv.64507335,d.aWc
(2) http://storegrid.vembu dot com/online-backup/sp-help/freebsd-client-only-installation-guide.html