Retrospect Blog

Retrospect not affected by Heartbleed

It's been a week since the Heartbleed vulnerability in OpenSSL was publicized. A memory bug introduced in December 2011 to the OpenSSL library (v1.0.1) translated into more than two years of potential data exposure on many major websites. Many sites are alerting their customers when they have fixed the issue, urging customers to change their passwords to prevent any future fraudulent activities. Do not update a password (or even log in) until verifying a site is not vulnerable, using a Heartbleed verification tool.

All Retrospect products are safe. Your backup data was never at risk. We have verified that our secure communication channels are not affected by Heartbleed. The only part of the Retrospect product line that includes OpenSSL is our VMware add-on, which uses the unaffected v0.9.8 in the VDDK package. Our website and our online store are also safe and were never affected. Our forum was patched immediately, but if you have any concerns, please change your password for it. No need to worry about your Retrospect backups or any Retrospect transactions.

This revelation does highlight a danger with cloud services. Cloud services are extremely convenient; they allow our data to follow us to any device. However, that convenience comes at a price. The only protection is a set of credentials, not physical location. A trivial bug introduced by one person made its way into almost every major online service and exposed the data of hundreds of millions of people. Two weeks ago, no one would have believed their online data had been vulnerable for the last two years. Now, it seems like only a matter of time until someone finds the next bug.

No data protection plan is complete without a local backup and a remote backup, using tape, disk, or cloud service. Unforeseen issues like Heartbleed come up, so be sure to keep a local backup. No one can erase it with just a set of credentials.

Bio

Kristin Goedert

Kristin Goedert is Director of Marketing and has been with Retrospect for more than a decade.