Category Archives: Cyphertite

Cyphertite service closing: August 18th, 2015

It is with a heavy heart that I am announcing the coming closure of the Cyphertite online backup service in 2 months’ time, on August 18th, 2015.

Due to limited interest in Cyphertite, we were not able to generate enough revenue to justify continuing to operate the service. In an attempt to make transition away from using the Cyphertite service less painful for existing users, we are giving a 2 month notice that the service is ending. In some cases, this means you simply need to find another online backup service and make the initial backup there before discontinuing use of Cyphertite. In other cases, the migration process away from Cyphertite may be more involved, e.g. you need to restore some data before the service closes. I suggest you start thinking about finding a replacement for Cyphertite sooner rather than later, as in “have a proper backup at another backup provider before August 18th”.

It has been a pleasure to serve all of our customers over the past several years. We feel very strongly that everyone, not just select groups, should have access to secure data storage tools as a matter of personal privacy. As such, we truly appreciate everyone who joined us in asserting their right to online data privacy. Since we are closing Cyphertite, some customers may be left wondering “Well, great… what now? I have to find a new secure online backup service.” so I figured a few suggestions for alternatives would be helpful:

  • Windows users – For our existing windows users, we recommend SpiderOak.
  • Linux/UNIX/OSX users – For all our command line people, we recommend Tarsnap.

Despite shuttering Cyphertite in the near future, we will continue to have a presence in the data security software space, albeit via a new company, Company 0 LLC. In the next few months we will be making an announcement regarding a new project that may be of interest to existing Cyphertite users, so stay tuned.

Heart-not-so-bleed!

Executive overview

Cyphertite was not vulnerable to the Heartbleed attack.

Management overview

Disclaimer: These findings are true for the Cyphertite service ONLY. We are not making any statement about other people’s results and/or attack surface.

We did not receive an advance warning of the Heartbleed vulnerability. As soon as the news broke the Cyphertite team shut down all services and began investigating its exposure. We quickly established that the website was not at all vulnerable to Heartbleed (it uses OpenSSL 1.0.0f) but we used a vulnerable version of OpenSSL on the service itself (OpenSSL 1.0.1c). The service was patched and brought back online with 3 hours of the Heartbleed announcement, however, at that time, we did not know the extent of Cyphertite’s exposure.

Continue reading