8/4/2023 0 Comments Seagate dockstar as a nasWe stopped using Seagate products altogether after that experience.ġ: They are likely in countries of the world that have zero interest in turning them over for justice. The passwors was the same for all devices and was stored in a plaintext file in the same publicly accessible directory. They still didn't admit that there was an issue, but their next 'firmware' update addresses the issue by requiring a password to run arbitraty commands from the URI. We soon pointed out to Seagate and some friendly media that there were hundreds of these exploitable Seagate NAS boxes indexed on Google, including Organizations working in charitable and vulnerable sectors, and that we would be contacting Seagate's customers about the issue. Support didn't understand the issue, and security ignored it as being too difficult to exploit in practice. That could be used to reset the admin password, load and run arbitrary code, load an entire hostile OS for the NAS, etc. Basically there was a public (no authentication needed) PHP script in the directory used to serve the web admin interface which ran arbitrary commands from the URI as wheel. Some years ago, we (not a security or IT firm) reported some issues with their web interface. There's a culture of insecurity at Seagate's NAS unit. Turning off the remote access NAS feature can prevent the infection, but also means they lose the ability to access the device from a remote location, one of the reasons they purchased the hard drive in the first place." "The quandary is that Seagate Central owners have no way to protect their device. Researchers estimates the malware is now responsible for 2.5% of all mining activity for the Monero cryptocurrency, according to the article. Over 5,000 Seagate Central NAS devices are currently infected. The hard drives are easy to infect because Seagate does not allow users to delete or deactivate a certain "shared" folder when the device is exposed to the Internet. The crooks made over $86,000 from Monero mining so far. The malware, named Miner-C or PhotoMiner, uses these hard-drives as an intermediary point to infect connected PCs and install software that mines for the Monero cryptocurrency. Of the Dockstar’s mac address, which is on the label on the bottom).An anonymous Slashdot reader writes: A new malware family has infected over 70% of all Seagate Central NAS devices connected to the Internet. \\fadsMMMMMM\yoursharename (where MMMMMM are the last 6 letters and numbers Plug the usb drive into the Dockstar, and you’re all set. (replacing yoursharename with a name of your own choosing). Using notepad, or your favorite text editor, put these lines in the file Plug your USB drive into your computer, format it (preferably with NTFS) and With pogoplug or installing any software. You can use this as a home network server for windows without signing up I’m not Seagate, but I’ve figured out how… Would tell him how to use it without Pogoplug. Matt Burns though he might change his opinion of the Dockstar if Seagate He has solved my problem and came up with a solution that unlocks the dock with the help of a little text file on a connected drive. It truly limits the appeal of the device. You can use the dock on your local network with any USB drive, but only if you activate local network access on Pogoplug’s website. I originally reviewed the Seagate Dockstar a while ago an found it to be a nifty little device hampered by the fact that you must use the online sharing service Pogoplug. For instance we just got an email explaining the process needed to get the Seagate Dockstar to work on a local network without using Pogoplug.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |