i was reading a news story here, and for some reason it reminds me of another story i read somewere that says it too can potentially do this, and much more, but in hardware
http://community.zdnet.co.uk/blog/0,...331828b,00.htm
Thursday 29 May 2008, 5:25 PM
Online backup insecure, says Heise
Posted by
Tom Espiner
"....
An undisclosed Heise employee
hacked into some online backup services by intercepting the connection between client and the backup server, bypassing the encryption used.
A basic man-in-the-middle attack.
"Attackers can read and even change the data being backed up or restored when it's transmitted over the internet," said the Heise article.
Heise pretended to be the backup server to the client, and the client to the backup server, using fake certificates. For the vulnerable systems, neither client nor server checked the certificates for authenticity, said a source at Heise.
....
"
http://www.heise-online.co.uk/securi...--/news/110771
"....
While all of the tested systems encrypt communication with the backup server using SSL, external attackers can sniff the access code as plain text by acting as a man-in-the-middle (MITM) if the locally installed backup software does not perform sufficiently rigorous checks on the authenticity of the server's certificates.
In the vulnerable systems, we were able to hijack the connection from the client software to the backup servers.
....
Although this MITM attack scenario may not be relevant for every customer, the scope of these security problems can hardly be overstated.
While companies say they store customer data safely, some of the elementary security measures they take are implemented so carelessly and unprofessionally that they can easily be overcome.
Backups are matters of trust, and that does not change when they are made on-line.
Those who are sloppy with security here risk losing the long-term trust of their customers.
The providers we contacted know this, and all of them have promised to close the holes we discovered.
...
"