Haven’t noticed anything from Bruce Schneier on this yet: <https://www.schneier.com/>.
BTW: QNAP have another issue with their firmware version (4.3.4.0588 Build 20180519) «which they’ve withdrawn» – the “admin” login loops on a “Data Protection” notice, presumably introduced due to the European Data Protection law which becomes effective tomorrow …
I need to revert to an earlier image by means of “CLI via SSH” …
The title suggests that this is a thread where forum members announce their marriage, or that they are going on holidays, or bought a new system, but in fact it is about a more serious subject. Thus the title will be changed.
The News and Announcements section is for news and announcements made by the project (often started by a newsbot inside SUSE/openSUSE). Also, this is not directly about openSUSE. Thus it will be moved to General Chitchat.
QNAP have announced a security advisory: <https://www.qnap.com/en/security-advisory/NAS-201805-24>.
Please note the build dates: "QTS 4.2.6 build 20170628, 4.3.3 build 20170703, and earlier versions, or using the default password for the administrator account." I guess that the current Build I’m running is OK: “20180501, version 4.3.4.0569”.
As for a changed (non-default) password, it may still be necessary to make sure the new password isn’t also easily guessed.
For example, the Mirai IoT attack 2 years ago also gained access by not only checking for the default password but also checking against a short list of something like the 69 most common passwords. Even that short a password list yielded over 500,000 successful compromises. The Mirai botnet was different though… It only wanted access to load payloads into volatile memory and didn’t survive reboots, whereas this VPNFilter attack actually installs malware onto the system so that it survives reboots (and can brick your device to avoid analysis). And that attack targeted different devices, mostly webcams and the like, but also included SOHO Internet routers.