Western Digital 'My Cloud' devices have a hardcoded backdoor
Posted on 1/9/18 at 10:17 am
quote:
many Western Digital My Cloud NAS drives have a hardcoded backdoor, meaning anyone can access them -- your files could be at risk. It isn't even hard to take advantage of it -- the username is "mydlinkBRionyg" and the password is "abc12345cba" (without quotes).
...Bercegay further explains, "The triviality of exploiting this issues makes it very dangerous, and even wormable. Not only that, but users locked to a LAN are not safe either. An attacker could literally take over your WDMyCloud by just having you visit a website where an embedded iframe or img tag make a request to the vulnerable device using one of the many predictable default hostnames for the WDMyCloud such as 'wdmycloud' and 'wdmycloudmirror' etc."
This was a pretty big hole but the article is over the top alarmist in tone, basically the fix is to update the firmware.
quote:
Apparently, firmware 2.30.172 (issued November 2017) fixes the bug, so do not reconnect to the internet until you are sure that your device is updated and the vulnerability is patched.
Posted on 1/9/18 at 11:13 am to TigerinATL
quote:
the article is over the top alarmist in tone
I don't think so, this sort of thing is all too common. How many huge security issues have to come to light before companies start caring?
Posted on 1/9/18 at 11:26 am to Korkstand
quote:
I don't think so, this sort of thing is all too common
He's saying stop using the device immediately on something that has a patch out. It's click bait.
quote:
How many huge security issues have to come to light before companies start caring?
When customers start caring. Bad press that is quickly forgotten is about the only consequence these companies face. Even then it's usually just in the tech section and most people don't see it. This is the board where it belongs, but to actually inform the masses that have these devices this probably needs to be posted to the OT and Rant.
This post was edited on 1/9/18 at 11:28 am
Posted on 1/9/18 at 11:57 am to TigerinATL
quote:
He's saying stop using the device immediately on something that has a patch out.
He means take it offline, which I think is sound advice.
quote:
It's click bait.
"Click bait" that spreads important news isn't a bad thing IMO. Would you prefer if the title was "Backdoor found in NAS devices"? What percentage of users would read it?
quote:
When customers start caring. Bad press that is quickly forgotten is about the only consequence these companies face.
Then I think we need more "click bait" articles.
quote:
Even then it's usually just in the tech section and most people don't see it. This is the board where it belongs, but to actually inform the masses that have these devices this probably needs to be posted to the OT and Rant.
Well, most of us have quite a few people that ask for recs on things, and I for one will be hesitant to recommend WD products in the future.
Posted on 1/9/18 at 12:13 pm to Korkstand
The original tech write-up about all the exploits in the code includes a nice link you can send your buddies that uses an XSS attack to delete their whole NAS with a single click... also some nice Google hacks can pull up hundreds of these things exposed to the public for you to go to town on
