[Box Backup] Danger of files being erased

Alaric B Snell boxbackup@fluffy.co.uk
Mon, 02 Feb 2004 10:17:41 +0000


Ben Summers wrote:

> The current security model assumes that access to the client machine and 
> its data is equivalent to access to the backups -- which I feel is 
> reasonable since an attacker can just read the unencrypted files. 
> However, future versions will have a system of "marking" snapshots, so 
> you'll easily be able to go back in time before the compromise.
> 
> There's roughly the same problem with any other backup system -- if you 
> don't notice and rotate so the good data is deleted, you've lost the 
> backup.

Yep. You can only undo changes within a finite timeframe, and the length 
of that timeframe (in the case of incremental backups) may depend on the 
rate of change of data, meaning an attacker may even deliberately 
shorten it by having his rootkit create and frequently update a 1GB file 
somewhere :-)

I presume the bbstored protocol doesn't allow any other way of getting 
rid of a backed-up file than uploading changes to that file as fast as 
you can until the good version is expired, right? If so, then all you 
need is a reasonable upload bandwidth limitation and an easy way of 
getting old versions by date and/or getting "diffs" of the live system 
to see what's changed, and it could be a valuable un-rootkitting tool too!

> 
> Interesting... :-)
> 

Let's discuss this tomorrow!

> 
> Ben
> 

ABS