Release Date: 10/16/2014
Earlier this week, Google researchers released information on a newly found bug they dubbed “Poodle”. The Backblaze client was never in danger of the Poodle exploit, as all of the data is first AES encrypted on the client (computer) before being uploaded to a Backblaze datacenter via HTTPS. This means that if the Poodle exploit were used, no data would be visible as it would be encrypted. Additionally, since we do not outsource the servers that Backblaze data gets transferred to, we control the entire trip from your computer to our datacenter, where the data is stored in encrypted form on our Storage Pods.
A bit more about Poodle and Backblaze:
According to The Verge , the bug exploits SSL v3 within HTTPS and if exploited, “a sophisticated attacker could intercept and replace data in transit”. Since news of this broke, Backblaze has made changes to its front-end web site servers so that communication is done via TLS, no longer allowing for SSL v3 to be used.
Today we are releasing Backblaze version 3.0.1, for both Mac and Windows clients. In this update we change the Backblaze client’s communication method with our datacenter, defaulting to TLS, and not allowing SSL v3 as a communication method.
Update to 3.0.1 now by:
– Right clicking on your Backblaze icon and pressing “check for updates”.
– Download directly from: here.
Updating to version 3.0.1 is optional.