Submission + - Online backup services with severe security holes (heise-online.co.uk)
juct writes: "Online Backup is cheap, easy and because of strong encryption even secure. But hold on — even though service providers for online backup do encrypt data locally and secure the communication with the backup server via SSL there might be something missing. In a test heise Security found that four out of six tested backup clients did not do strong authentication. Because they did not check the certificate of the server, the heisec testers were able to mount a man in the middle attack. In two cases that gave them access to all the stored data, in the other two they were at least able to delete all backups."