Linn Forums

All Synology users - you should read this..
2014-08-05, 12:55 (This post was last modified: 2014-08-05 13:01 by AdamWysokinski.)
Post: #1
All Synology users - you should read this..
There is an unknown bug in the Synology software and a ransomware that encrypts victims’ files
http://www.cso.com.au/article/551527/syn...s_devices/

Make sure your NAS is updated and secured (https://www.synology.com/en-global/suppo...ials/478). No idea if this is enough, so remember to back up your data.

Linn Akurate DS/D ➔ Croft 25R/7R ➔ Harbeth M40.1
2014-08-05, 13:00
Post: #2
RE: All Synology users - you should read this..
(2014-08-05 12:55)AdamWysokinski Wrote:  There is an unknown bug in the Synology software and a ransomware that encrypts victims’ files
http://www.cso.com.au/article/551527/syn...s_devices/

Make sure your NAS is updated and secured (https://www.synology.com/en-global/suppo...ials/478). No idea if this is enough, so remember to back up your data.

Holy crap !

Regards, Mike
_____________________________________________________
Klimax DSM, Klimax Chakra 500 Twin, B&W CM8, QNAP TS-879
(6x4TB WD Red), MinimServer, iPad Air, Sonos: ZP90, ZP120
Sneaky DSM w/Magik 109's
2014-08-05, 18:30
Post: #3
RE: All Synology users - you should read this..
Here's another link that seems to confirm that the problem is related to the Synology DiskStation Manager (DSM) and devices that are accessible via the public internet through the EZ-Internet feature...?

http://www.techrepublic.com/article/syno...RSS56d97e7

You have been warned!
2014-08-05, 18:35
Post: #4
RE: All Synology users - you should read this..
And here's the link to the Synology statement regarding this issue: http://forum.synology.com/enu/viewtopic....08&t=88770

Hopefully DSM 5 is safe (fingers crossed).

Linn Akurate DS/D ➔ Croft 25R/7R ➔ Harbeth M40.1
2014-08-05, 21:46
Post: #5
RE: All Synology users - you should read this..
It's DSM 4.something it affects isn't it? And I thought it was known about for a while but they then decided to reboot the awareness campaign as there are still a lot of users on DSM 4. I hope 5 is ok!

Music: Classe CP-800 (Rev 2)-> Classe CA-2300 -> B&W 802 Diamonds

AV: Oppo BDP-103, PS3 and Sky+HD -> Onkyo TX-NR818-> Classe CP-800 (Rev 2)-> Classe CA-2300-> B&W 802 Diamonds, B&W SCM1s & SVS PC12+ Sub
2014-08-06, 10:45
Post: #6
RE: All Synology users - you should read this..
Hi

I read that Synology thread; I don't own a Synology, but anything involving security interests me (and it's good to keep up to date on such threats in case I come across a friend or customer who might be at risk).

It looks like it's just the older firmware that's at risk and that 5.0 is patched. There was some talk (in that thread) of another forum where Synology units running 5.0 had been compromised, but someone had looked into it and it would appear these units had been updated to 5.0 after being infected (more likely whilst the encryption was in progress, rather than after it had been completed; I'd expect it would take a while to rattle through an entire NAS, and particularly so if it's a slower model).

My take from all this is that it's always a big risk to expose anything to the internet. If I really needed to have something running (on a NAS) that I wished to access from outside my network (eg if I travelled a lot) then personally, I'd buy a second NAS and use it only for that type of activity. I'd not dream of exposing my main NAS (with all my data and my music) to the internet as I'd always be concerned that something - like this - could happen. Of course, I realise that some folks might need to have such a facility, but to do so, you'd have to either understand security (and how to use a VPN) or employ a system administrator to set it all up for you.

One thing I've often harped on about is not opening ports in your router and indeed disabling UPnP in the router (to stop malware on a PC, for example, from configuring your router to open ports without your knowledge) as that does put you at risk.

For folks who need ports open for their Xbox (or the likes) such that the kiddies can play online games, I recommend they open the three (from memory) ports required to do that. For multiple Xbox families, that causes an additional problem as you can't open the same port to multiple devices, so in these cases, I recommend two routers, with UPnP enabled on the broadband router and all the Xbox devices sitting on that one (so they can open ports as they please) and one of its Ethernet sockets connected to the WAN side of a second router (one with Ethernet WAN and LAN connections) and everything else (NAS, PC's, DS, etc) connected to the LAN side of that second router (and UPnP definitely disabled in that one) so your other devices are all protected by a second NAT device.

Back to the NAS discussion and it concerns me that the major NAS vendors are fighting with each other to bundle more and more toys with their units (understandable, but it does concern me) so the humble NAS is evolving into something rather more potentially risky, than was the case a few years ago.

Personally, I take great care to only enable the services that I really require (so in the case of my Qnap, all the media stations and cloud stuff is disabled; all I have enabled are Twonky and MinimServer, then when I need another service - like the TFTP server - I'll enable it for only as long as I require it, then disable it again). Okay, maybe a little more paranoid than I need be, but I just don't see the need to have things running until you actually require them (it lessens the 'attack surface', as they say; the fewer things installed and running, the less chance something will compromise one of them).

I'm more a 'layer 2' sort of chap - I focus more on LAN and RLAN related things and have not closely looked at WAN side services - so I've never pondered things like cloud backup services. If I did want to play with that, I'd look to encrypt things before they left the house and look more closely into how it might compromise me in other ways (what it might let in). That said, I note that Qnap are piling on the cloud service features (so I guess Synology will be doing exactly the same thing) and after every firmware update, I carefully go through all of the settings to make sure nothing has inadvertently been enabled (that hasn't happened, as yet).

What concerns me about all this is one particular post within that thread, from which I will paste the below statement:

Quote:The whole problem here is that vendors of these devices are trying to convince people that every idiot can run a network-attached storage device with no knowledge of anything. Worse yet, they are supplying these people with tools that make their otherwise completely unmaintained box totally open for the whole universe to see, digging holes in their routers via UPnP, providing "cloud" services that open the box even across routers that don't allow anything like UPnP -- and in general pretending that you can safely share things with a one click of your mouse and without any need to learn anything.

With the above, disasters like this one are just waiting to happen...

Of course, that almost exactly agrees with everything I've typed in my above text (and what I've been advising folks to do for ages) but what grabbed my attention in particular, was the below part of that statement:

Quote:...digging holes in their routers via UPnP, providing "cloud" services that open the box even across routers that don't allow anything like UPnP...

I assume the poster is referring to one of these services where you give up part of your own storage capacity such that people can use it to back their NAS up (and you gain access to space on other NAS units in the scheme).

I've heard of such service plans, but I've never looked at them as they simply don't interest me. I'd always assumed that anything like that would require you to manually open ports in your router, or to have UPnP enabled in your router, so if not, that's something I'd be interested to learn more about.

As I say, all are off in my NAS, all my ports are closed and I sleep next to my NAS with a loaded shotgun taped to my headboard, so I feel reasonably safe!

Bri :)
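The habit described in the post above, going back through the NAS after each firmware update to confirm nothing new has been switched on, can be partly automated by comparing listening TCP sockets before and after the update. This is an added example, not part of the original thread; it assumes a Linux-based NAS with shell access where `ss -tlnH` is available, and the sample output and the `expected_ports` parameter are constructed for illustration.

```python
import ipaddress

# Constructed samples of `ss -tlnH` output taken before and after a firmware
# update; every address and port here is made up for illustration.
BEFORE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:9000 0.0.0.0:*
LISTEN 0 128 127.0.0.1:3306 0.0.0.0:*
"""
AFTER = BEFORE + """\
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 128 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 128 [::]:443 [::]:*
"""


def parse_listeners(ss_output):
    """Return the set of (address, port) pairs found on LISTEN lines."""
    listeners = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
        listeners.add((addr, int(port)))
    return listeners


def off_box(addr):
    """True if the socket accepts connections from other hosts (not loopback-only)."""
    return addr == "*" or not ipaddress.ip_address(addr).is_loopback


def new_listeners(before, after, expected_ports=frozenset()):
    """Split listeners that appeared after the update into (exposed, local_only)."""
    added = parse_listeners(after) - parse_listeners(before)
    exposed = sorted(l for l in added if off_box(l[0]) and l[1] not in expected_ports)
    local_only = sorted(l for l in added if not off_box(l[0]))
    return exposed, local_only


if __name__ == "__main__":
    exposed, local_only = new_listeners(BEFORE, AFTER, expected_ports={443})
    for addr, port in exposed:
        print(f"NEW and reachable from the network: {addr}:{port}")
    for addr, port in local_only:
        print(f"new, loopback only: {addr}:{port}")
```

A listener on a non-loopback address is only reachable from the internet if the router forwards to it, which is why the post's advice on closed ports and disabled UPnP still applies alongside this check.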
2014-08-06, 13:43
Post: #7
RE: All Synology users - you should read this..
Synology statement of today: http://www.synology.com/en-uk/company/news/article/470

Linn Akurate DS/D ➔ Croft 25R/7R ➔ Harbeth M40.1
2014-08-06, 14:11
Post: #8
RE: All Synology users - you should read this..
Some good news, I think - but don't let it happen in the first place!

http://www.computing.co.uk/ctg/news/2359...rs_Updates
2014-08-06, 18:56
Post: #9
RE: All Synology users - you should read this..
Good news, but this refers to Cryptolocker, older ransomware on Windows.

Linn Akurate DS/D ➔ Croft 25R/7R ➔ Harbeth M40.1
2014-08-06, 19:13
Post: #10
RE: All Synology users - you should read this..
(2014-08-06 18:56)AdamWysokinski Wrote:  Good news, but this refers to Cryptolocker, older ransomware on Windows.

Just trying to add to the collective wisdom in relation to ransomware ... apologies if the link wasn't appropriate in your thread?