Release Date: 10/16/2014
Version: 3.0.1
Earlier this week, Google researchers released information on a newly found bug they dubbed “Poodle.” The Backblaze client was never in danger of the Poodle exploit, as all of the data is first AES encrypted on the client (computer) before being uploaded to a Backblaze data center via HTTPS. This means that if the Poodle exploit were used, no data would be visible as it would be encrypted. Additionally, since we do not outsource the servers that Backblaze data gets transferred to, we control the entire trip from your computer to our data center, where the data is stored in encrypted form on our Storage Pods.
A bit more about Poodle and Backblaze:
According to The Verge, the bug exploits SSL v3 within HTTPS and if exploited, “a sophisticated attacker could intercept and replace data in transit.” Since news of this broke, Backblaze has made changes to its front-end website servers so that communication is done via TLS, no longer allowing for SSL v3 to be used.
Today we are releasing Backblaze version 3.0.1, for both Mac and Windows clients. In this update we change the Backblaze client’s communication method with our data center, defaulting to TLS, and not allowing SSL v3 as a communication method.
Update to 3.0.1 now by:
- Right clicking on your Backblaze icon and choosing “check for updates.”
- Download directly from here.
Updating to version 3.0.1 is optional.
