You. Netgear ReadyNAS owners. Have you closed your gaping holes today? IT security biz Tripwire warns that a critical security vulnerability in some Netgear storage devices is going unnoticed by users, partly because the vendor has downplayed its importance. Writing on his company blog, Tripwire researcher Craig Young says although Netgear issued a patch for its RAIDiator firmware in July to …
I assume that security problem only applies to a ReadyNAS which is accessible from the 'net?
I have a 6x3TB ReadyNAS at home (I rip my CDs/DVDs/BDs to it without re-compressing) but it is behind a router with no port-forwarding, so unless someone convinces me otherwise I will not risk updating the firmware, potentially loosing my files and spending 4+ hours re-initialising the RAID array if it goes wrong.
"if your ReadyNAS web interface is one of the thousands that are directly accessible from the public internet" then you have already lost any semblance of security and deserve all you get. Why would anyone do that? The series comes with a VPN client thing to access your content remotely anyway.
(That said, updating the firmware on a ReadyNAS is a near zero-risk process, Neoc)
If it's anything like the one built into my Netgear router, it's a bridging (TAP mode) server. Which is useless for mobiles which can only work in tunnel (TUN mode). IIRC it's a basic limitation of Android 4+'s VPN client and I've yet to see a workaround for it, nor does my router have a good custom firmware available for it (yet--it's a new model).
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2023
