Wednesday, April 9, 2014

TeamDrive and the Heartbleed OpenSSL bug - Is my Data Secure?

In case you have not heard about it yet, a rather nasty security vulnerability in the Open Source cryptographic library OpenSSL has been discovered. Dubbed "Heartbleed", it can result in unwanted information disclosure on both ends of a communication channel that is encrypted with SSL/TLS (for more details, check the dedicated web site about this issue at http://heartbleed.com/).

How does this affect TeamDrive and your data?

The TeamDrive Client uses cryptographic functions provided by OpenSSL to perform local AES-256 encryption of your data before it is transmitted to a TeamDrive Server. Because the data has already been encrypted locally, the TeamDrive Client-Server communication does not establish an additional secure communication channel via SSL/TLS - this reduces the overhead and makes it easier to propagate data through proxy servers. Therefore we're not affected by this vulnerability here, as it only affects secure communication channels established via SSL/TLS.

However, there are two scenarios in which the TeamDrive Client establishes SSL connections:

  • If you need to access TeamDrive Spaces hosted on an SSL-enabled WebDAV server
  • If you publish versions of a file on a TeamDrive Host Server that has SSL enabled for publishing (this requires a TeamDrive Professional Client license). Publishing via SSL is currently not enabled on the host servers of our public TeamDrive cloud, but may be enabled on TeamDrive Host Servers that you manage on your own premises.

In both cases, the client will establish an SSL connection to the server, thus making it potentially vulnerable to this particular bug if the server has been taken over by a malicious user. However, the server itself would have to be compromised beforehand and modified in such a way that it can be used to exploit this vulnerability. Simply running a server with an affected OpenSSL library does not automatically lead to any information disclosure here, but may provide a potential attack vector for gaining access to the server.

The TeamDrive Client's version of OpenSSL depends on the client version and platform. With the exception of Mac OS X and Windows, our Clients have been built against a bundled version of OpenSSL, which is currently at version 1.0.1 for the latest builds. We'll be releasing updated clients shortly to fix this bug.
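
Because exposure depends on which OpenSSL release a client or server is linked against, the following added example (not TeamDrive code, and not part of the original post) classifies an OpenSSL version string against the Heartbleed range. The range itself (1.0.1 through 1.0.1f and 1.0.2-beta1, fixed in 1.0.1g and 1.0.2-beta2) comes from the public advisory rather than from this post, and the function name and sample strings are constructed for illustration.

```python
import re
import ssl

# Affected range per the public Heartbleed advisory (not stated in the post):
# OpenSSL 1.0.1 through 1.0.1f, plus 1.0.2-beta1; fixed in 1.0.1g / 1.0.2-beta2.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-(\w+))?")


def heartbleed_status(version_string):
    """Classify a string such as 'OpenSSL 1.0.1e 11 Feb 2013' (hypothetical helper)."""
    m = _VERSION_RE.search(version_string)
    if not m:
        return "unknown"
    release = tuple(int(m.group(i)) for i in (1, 2, 3))
    letter, tag = m.group(4), m.group(5) or ""
    if release == (1, 0, 1):
        # Plain 1.0.1 (no letter) and letters a-f predate the fix in 1.0.1g.
        return "in-affected-range" if letter < "g" else "fixed"
    if release == (1, 0, 2) and tag == "beta1":
        return "in-affected-range"
    # 0.9.8 and 1.0.0 never shipped the heartbeat code; later releases carry the fix.
    return "not-affected"


# Constructed sample strings in the format printed by `openssl version`.
SAMPLES = [
    "OpenSSL 0.9.8y 5 Feb 2013",
    "OpenSSL 1.0.0l 6 Jan 2014",
    "OpenSSL 1.0.1 14 Mar 2012",
    "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "OpenSSL 1.0.1g 7 Apr 2014",
    "OpenSSL 1.0.2-beta1 24 Feb 2014",
]

if __name__ == "__main__":
    # Also report the library this Python interpreter itself is linked against.
    for s in SAMPLES + [ssl.OPENSSL_VERSION]:
        print(f"{heartbleed_status(s):18} {s}")
```

A result of "in-affected-range" calls for verification rather than proving exposure: some distributions backported the fix without changing the version letter, and builds compiled with -DOPENSSL_NO_HEARTBEATS do not contain the vulnerable code.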

By Lenz Grimmer

Tuesday, January 7, 2014

TeamDrive receives Amazon Partner Network Advanced Technology Partner Status

by Volker Oboda, CEO TeamDrive


We are proud to announce that TeamDrive Systems received the status of Amazon Partner Network Advanced Technology Partner.

The entire TeamDrive team has worked hard to build and refine our secure and industry-leading sync and share solution, and this designation is an important milestone that reinforces our past and present achievements.

We also want to thank our numerous customers and users and are thankful for your continuing support. Your input helped us shape and improve TeamDrive and made this possible.


For all those who have not used TeamDrive yet:
TeamDrive is a collaboration software and service to sync your files easily and securely with 256-bit AES end-to-end encryption using the TeamDrive cloud or your own server.


Download TeamDrive today and check out our web site for more information.