[Discuss] Mothballing Synology NAS
Richard Pieri
richard.pieri at gmail.com
Mon Feb 5 11:50:20 EST 2018
On 2/5/2018 10:30 AM, Joe Polcari wrote:
> I just got an update today which, I think, covers it.
The CVE referenced in the release notes fixes a local privilege
escalation bug in ipesc. The Meltdown/Spectre CVEs are still listed as
"Ongoing" as of this writing:
https://www.synology.com/en-us/support/security/Synology_SA_18_01
On 2/5/2018 9:33 AM, markw at mohawksoft.com wrote:
> This is common across the industry. EMC, Cisco, IBM, and others have
> said basically the same thing. I would dump synology because its
> crap, but not because of that.
My IBM references rank Meltdown/Spectre as "High Severity".
Likewise, my Netapp references rank them as "High Severity".
Cisco (network side) does rank them lower because network gear has a
much smaller attack surface than general purpose computers. The people
on the Unity side rank them much higher.
But then, Synology's failure to take these vulnerabilities seriously
does put them in the "crap" category. :)
--
Rich P.
More information about the Discuss
mailing list