I think that it is good to share some news about Linux and hardware.
I have a QNAP TS251. I think I will do a factory reset.
Thanks for sharing this. Very worrying news indeed.
You're welcome.
I hope this thread will be useful.
Here is an article from Reuters on FBI action to try and avoid:
On the other hand, in April, Cisco warned about a back-door in their "Smart Install Client": <https://blog.talosintelligence.com/2018/04/critical-infrastructure-at-risk.html>.
Kaspersky noticed it as well: <https://www.kaspersky.com/blog/cisco-apocalypse/21966/>.
There were reports in German language IT news streams of this issue November last year.
If the back-door was there, and a few people were aware of it, then …
Further administration warnings from Cisco:
<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2>
<https://github.com/Cisco-Talos/smi_check>
<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170214-smi>
Haven't noticed anything from Bruce Schneier on this yet: <https://www.schneier.com/>.
BTW: QNAP have another issue with their firmware version (4.3.4.0588 Build 20180519) «which they've withdrawn» - the "admin" login loops on a "Data Protection" notice presumably introduced due to the European Data Protection law which becomes effective tomorrow …
I need to revert to an earlier image by means of "CLI via SSH" …
Staff have looked at this thread. They think:
While these moves are made, the thread is CLOSED.
Moved from Announcements and open again.
QNAP have announced a security advisory: <https://www.qnap.com/en/security-advisory/NAS-201805-24>.
Please note the build dates: "QTS 4.2.6 build 20170628, 4.3.3 build 20170703, and earlier versions, or using the default password for the administrator account." I guess that the current build I'm running is OK: "20180501, version 4.3.4.0569".
Thanks.
Anyway I did a factory reset and changed my passw.
Do you confess with this that you did not change the default password on the device as soon as you started using it? Basic security action my dear Watson.
No. I think I was misunderstood.
I changed my passwd every 4-5 months.
Now I changed it again, and it is longer than usual. :shame:
I really misunderstood you and apologize.
The documents pointed to specifically mention changing the default password; that is why I thought you were one of those.
No problem. No need to apologize.
I liked your post: "do you confess... my dear Watson".
BTW, I still smile.
I posted the following elsewhere yesterday about this massive Russian botnet, the malware exploit is dubbed "VPNfilter"
This morning,
Is the Security news of the day…
You can get more breaking news using the search term "vpnfilter" and
omit "vpn filter" results.
Summary
Est >500,000 devices already compromised
Current main attack focus is Ukraine
Almost no attack vector info, except that
Article from main Security team working with the US federal government
https://blog.talosintelligence.com/2018/05/VPNFilter.html
Additional info from Cisco/Talos
https://blogs.cisco.com/security/talos/vpnfilter
One posting how to identify whether you've been hacked (IMO YMMV)
https://a2alert.com/vpnfilter-malware-indicators-compromise/
Although the available information is very sketchy at the moment,
A few important bits of info are
Minor update to my posting,
Apparently an Ars Technica article confirmed that steganography is used (I was speculating from lack of information)
TSU
As for a changed (non-default) password,
It may still be necessary to make sure the new password isn't also easily guessed.
So,
For example, the Mirai IoT attack 2 years ago gained access by not only checking for the default password but also checking against a short list of something like the 69 most common passwords. Even that short a password list yielded over 500,000 successful compromises. The Mirai botnet was different though… It only wanted access to load payloads into volatile memory and didn't survive re-boots, whereas this VPNfilter attack actually installs malware on to the system so that it survives reboots (and can brick your device to avoid analysis). And, that attack targeted different devices, mostly webcams and the like but also included SOHO Internet routers.
TSU