- security News Forums
- > Some online backup services insecure
- > Memopal assures a high level standard of data security
Posting 
Memopal assures a high level standard of data security 10 June 2008 16:10
Memopal (www.memopal.com) is constantly evolving its security model
to assure a high level standard of data security.
In Memopals’ infrastructure, all the connection between client and
server are SSL-encrypted using server-side certificate and every
connection to a server having an un-trusted certificate is refused by
the client to prevent the Man in the middle attack.
The authentication phase starts only after a valid SSL connection is
established, so when a fake certificate is proposed to the client no
username or password is sent from the client to the server.
Moreover, to install the Memopal client is necessary to gain a
privileged user account, so nobody may have installed Memopal on your
PC to steal your data.
Data are transferred encrypted from the client to the server, and are
stored in an encrypted FS also distributed in chunks with a RAID-5
like policy.
Watching inside the MGFS (Memopal Global File System) it’s impossible
to know who owned the backuped file and the original filename. So if
someone takes a storage unit from the Memopal infrastructure, he
never has access to a common sense information to disclose it.
The data structure contains the associations between the file and the
owner is also encrypted and not accessible to the support people
during the support phase.
In the current beta-release we are testing a client-side certificate
validation to prevent possible server-side attack.
Andrea Cecchetti
Chief Information Security Officer - Memopal