Automatic patch released for vulnerability in BullGuard Backup
Monday, May 26 2008
A vulnerability in BullGuard Backup has been discovered and patched. The patch is being automatically distributed to all users of BullGuard Backup. No user-action is needed to receive the patch.
As disclosed in the online magazine Heise.de Friday May 23 2008, a number of Online Backup services are exposed to a vulnerability, compromising the security of the traffic between the end-user and the backup servers. The story can be found here:
http://www.heise-online.co.uk/security/Some-online-backup-services-insecure--/news/110771
BullGuard has investigated the issue, and confirmed that BullGuard Backup was vulnerable to the attack described, due to not properly verifying the SSL certificate on the server, as otherwise designed. We have created a patch for this issue, which is currently being released through the auto-update feature in BullGuard Backup. The release-schedule for the patch is as follows:
- Monday, May 26 2008, 6PM: German, French, Spanish, Dutch
- Tuesday, May 27 2008, 10AM: Danish
- Wednedsay, May 28 2008, 10AM: English
No action is required by the user to receive the patch, as it is released through our auto-update system.
Kind regards
The BullGuard Team