Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4
michaelmurfy
meow
12657 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #1103239 6-Aug-2014 12:54
Send private message

nigelj: Based on networkn's quote and the Synology changelog, looks like the issue that was fixed back in Feb was related to the following two CVEs:

 


6955 looks to be the nasty one:

Overview

webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header.


So:  People upgrade your NAS!


There has been people on the latest firmware at the time this was released and got pwned too. The exploit has been around for a while however Synology have not gotten to patching it up until the day a few NAS's were cracked.




Michael Murphy | https://murfy.nz
Referral Links: Octopus Energy ($50 Credit) | Tesla | Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.


 
 
 

Free kids accounts - trade shares and funds (NZ, US) with Sharesies (affiliate link).
networkn
Networkn
30811 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1103242 6-Aug-2014 12:56
Send private message

michaelmurfy:
nigelj: Based on networkn's quote and the Synology changelog, looks like the issue that was fixed back in Feb was related to the following two CVEs:

 


6955 looks to be the nasty one:

Overview

webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header.


So:  People upgrade your NAS!


There has been people on the latest firmware at the time this was released and got pwned too. The exploit has been around for a while however Synology have not gotten to patching it up until the day a few NAS's were cracked.


Hi. 

Where did you see that ? I have not seen any reports of any infected running v5 or even later versions of v4?


michaelmurfy
meow
12657 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #1103259 6-Aug-2014 13:15
Send private message

networkn: 

Hi. 

Where did you see that ? I have not seen any reports of any infected running v5 or even later versions of v4?



I can't remember where but my NAS was running DSM 4.3-3827 Update 4 at the time it got owned, only port 5000 forwarded.




Michael Murphy | https://murfy.nz
Referral Links: Octopus Energy ($50 Credit) | Tesla | Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.




networkn
Networkn
30811 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1103441 6-Aug-2014 16:14
Send private message

michaelmurfy:
networkn: 

Hi. 

Where did you see that ? I have not seen any reports of any infected running v5 or even later versions of v4?



I can't remember where but my NAS was running DSM 4.3-3827 Update 4 at the time it got owned, only port 5000 forwarded.


Can I recommend you contact Synology. If they are working off incorrect information I think it's important they know the issue might be more widespread. 


networkn
Networkn
30811 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1103698 6-Aug-2014 22:18
Send private message

I am happy to provide you with the local distributors details in a PM if you don't know them already.

CYaBro
4195 posts

Uber Geek

ID Verified
Trusted
Subscriber

  #1103735 6-Aug-2014 23:50
Send private message

Looks like those who did get hit by cryptolocker are in luck!
If you still have the encrypted files that is.

https://www.decryptcryptolocker.com

amanzi
Amanzi
1176 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1103738 7-Aug-2014 00:22
Send private message

CYaBro: Looks like those who did get hit by cryptolocker are in luck!
If you still have the encrypted files that is.

https://www.decryptcryptolocker.com


Seems too good to be true, but excellent news if it works. More details here: http://www.fireeye.com/blog/corporate/2014/08/your-locker-of-information-for-cryptolocker-decryption.html



CYaBro
4195 posts

Uber Geek

ID Verified
Trusted
Subscriber

  #1103769 7-Aug-2014 05:52
Send private message

I have one client who got hit, that we sorted out with a restore from their ShadowProtect backup, that I still have the encrypted files from.
Will give it go and report back.

freitasm
BDFL - Memuneh
77099 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #1103792 7-Aug-2014 08:18
Send private message

That's why NAS who led have backups too...




Please support Geekzone by subscribing, or using one of our referral links: Dosh referral: 00001283 | Sharesies | Goodsync | Mighty Ape | Backblaze

 

freitasm on Keybase | My technology disclosure

 

 

 

 

 

 


1101
3092 posts

Uber Geek


  #1103830 7-Aug-2014 10:12
Send private message

CYaBro: Looks like those who did get hit by cryptolocker are in luck!
If you still have the encrypted files that is.

https://www.decryptcryptolocker.com


Not so lucky.
I read that site/fix doesnt work for synolocker .


CYaBro
4195 posts

Uber Geek

ID Verified
Trusted
Subscriber

  #1103851 7-Aug-2014 10:52
Send private message

Can confirm it works for the original cryptolocker.

freitasm
BDFL - Memuneh
77099 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #1105275 9-Aug-2014 09:58
Send private message

Received today (well, last night):


We have discovered security vulnerabilities on the software currently installed on your Synology product. These vulnerabilities might result in unauthorized parties compromising your Synology product.

We strongly suggest you install the newest version of DSM as soon as possible. To do so, please visit our Download Center and download DSM 5.0-4493, DSM 4.3-3827, DSM 4.2-3250, or DSM 4.0-2263 according to your current version. Then, log in to DSM and go to Control Panel > Update & Restore > DSM Update > Manual DSM Update (for DSM 4.3 and earlier, please go to Control Panel > DSM Update > Manual DSM Update) and manually install the patch file.

For more information about security issues related to Synology products, please check our Synology Product Security Advisory page.






Please support Geekzone by subscribing, or using one of our referral links: Dosh referral: 00001283 | Sharesies | Goodsync | Mighty Ape | Backblaze

 

freitasm on Keybase | My technology disclosure

 

 

 

 

 

 


dafman
3793 posts

Uber Geek

Trusted

  #1105284 9-Aug-2014 10:21
Send private message

I've shut down port forwarding on my router. Not too techy, is this all I need to do?

freitasm
BDFL - Memuneh
77099 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #1105285 9-Aug-2014 10:21
Send private message

Update the firmware as instructed.





Please support Geekzone by subscribing, or using one of our referral links: Dosh referral: 00001283 | Sharesies | Goodsync | Mighty Ape | Backblaze

 

freitasm on Keybase | My technology disclosure

 

 

 

 

 

 


dafman
3793 posts

Uber Geek

Trusted

  #1105295 9-Aug-2014 10:48
Send private message

Thanks. Fascinating, how do they find the diskstations in the first place ? Do they randomly target ip addresses and try port 5000? And once they find a diskstation, how do they get past strong admin passwords?

1 | 2 | 3 | 4
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

One New Zealand Extends 3G Switch-off Date
Posted 11-Apr-2024 08:56


Amazon Echo Hub Review
Posted 10-Apr-2024 18:57


Epson Launches New Versatile A4 Desktop Scanners
Posted 10-Apr-2024 15:31


Motorola Mobility Launches New Android Phones in New Zealand
Posted 10-Apr-2024 14:59


Logitech G Unveils the PRO X 60 Gaming Keyboard
Posted 9-Apr-2024 19:01


Logitech Unveils Signature Slim Keyboard and Combo
Posted 9-Apr-2024 13:33


ExpressVPN Launches Aircove Go Portable Router With Built-in VPN
Posted 26-Mar-2024 21:25


Shure MoveMic Review
Posted 25-Mar-2024 12:47


reMarkable 2 Launches at JB Hi-Fi New Zealand
Posted 20-Mar-2024 08:36


Samsung Galaxy S24 Ultra review
Posted 19-Mar-2024 11:37


Google Nest Wifi Pro Review
Posted 16-Mar-2024 11:28


Samsung Galaxy A55 5G and Galaxy A35 5G
Posted 12-Mar-2024 12:41


Cricut EasyPress Mini Zen Blue launches at Spotlight New Zealand
Posted 12-Mar-2024 12:32


Logitech Introduces MX Brio Webcam
Posted 12-Mar-2024 12:24


HP Unveils Broadest Consumer Portfolio of AI-Enhanced Laptops
Posted 3-Mar-2024 18:09









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







Backblaze unlimited backup