[Discuss] Mothballing Synology NAS
Joe Polcari
joe at polcari.com
Mon Feb 5 10:43:13 EST 2018
Nope - I was wrong
This is the one it addresses CVE-2017-16939
On 2/5/18, 10:30 AM, "Discuss on behalf of Joe Polcari"
<discuss-bounces+joe=polcari.com at blu.org on behalf of joe at polcari.com>
wrote:
>I just got an update today which, I think, covers it.
>
>On 2/5/18, 9:33 AM, "discuss-bounces+joe=polcari.com at blu.org on behalf of
>markw at mohawksoft.com" <discuss-bounces+joe=polcari.com at blu.org on behalf
>of markw at mohawksoft.com> wrote:
>
>>This is common across the industry. EMC, Cisco, IBM, and others have said
>>basically the same thing. I would dump synology because its crap, but not
>>because of that.
>>
>>> The Meltdown and Spectre vulnerabilities were publicly disclosed 3
>>> January.
>>>
>>> Synology posted their own security advisory 5 days later on 8 January
>>> listing these vulnerabilities as moderate "because these
>>>vulnerabilities
>>> can only be exploited via local malicious programs." As if there were
>>>no
>>> ways for "local malicious programs" to ever be installed or injected.
>>>
>>> As of 4 February, a month after the initial disclosure, Synology have
>>> yet to release fixes for these vulnerabilities.
>>>
>>> I will be mothballing my Synology NAS box as soon as I get a
>>>replacement
>>> for it up and running. I have the parts. I just need to assemble and
>>> test them, install an OS, and move the drives.
>>>
>>> --
>>> Rich P.
>>> _______________________________________________
>>> Discuss mailing list
>>> Discuss at blu.org
>>> http://lists.blu.org/mailman/listinfo/discuss
>>>
>>
>>
>>_______________________________________________
>>Discuss mailing list
>>Discuss at blu.org
>>http://lists.blu.org/mailman/listinfo/discuss
>
>
>_______________________________________________
>Discuss mailing list
>Discuss at blu.org
>http://lists.blu.org/mailman/listinfo/discuss
More information about the Discuss
mailing list