Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4
Meow
7273 posts

Uber Geek
+1 received by user: 3477

Moderator
Trusted
Lifetime subscriber

  Reply # 1103239 6-Aug-2014 12:54
Send private message

nigelj: Based on networkn's quote and the Synology changelog, looks like the issue that was fixed back in Feb was related to the following two CVEs:

 


6955 looks to be the nasty one:

Overview

webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header.


So:  People upgrade your NAS!


There has been people on the latest firmware at the time this was released and got pwned too. The exploit has been around for a while however Synology have not gotten to patching it up until the day a few NAS's were cracked.




16507 posts

Uber Geek
+1 received by user: 4606

Trusted
Lifetime subscriber

  Reply # 1103242 6-Aug-2014 12:56
Send private message

michaelmurfy:
nigelj: Based on networkn's quote and the Synology changelog, looks like the issue that was fixed back in Feb was related to the following two CVEs:

 


6955 looks to be the nasty one:

Overview

webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header.


So:  People upgrade your NAS!


There has been people on the latest firmware at the time this was released and got pwned too. The exploit has been around for a while however Synology have not gotten to patching it up until the day a few NAS's were cracked.


Hi. 

Where did you see that ? I have not seen any reports of any infected running v5 or even later versions of v4?


 
 
 
 


Try Wrike: fast, easy, and efficient project collaboration software
Meow
7273 posts

Uber Geek
+1 received by user: 3477

Moderator
Trusted
Lifetime subscriber

  Reply # 1103259 6-Aug-2014 13:15
Send private message

networkn: 

Hi. 

Where did you see that ? I have not seen any reports of any infected running v5 or even later versions of v4?



I can't remember where but my NAS was running DSM 4.3-3827 Update 4 at the time it got owned, only port 5000 forwarded.




16507 posts

Uber Geek
+1 received by user: 4606

Trusted
Lifetime subscriber

  Reply # 1103441 6-Aug-2014 16:14
One person supports this post
Send private message

michaelmurfy:
networkn: 

Hi. 

Where did you see that ? I have not seen any reports of any infected running v5 or even later versions of v4?



I can't remember where but my NAS was running DSM 4.3-3827 Update 4 at the time it got owned, only port 5000 forwarded.


Can I recommend you contact Synology. If they are working off incorrect information I think it's important they know the issue might be more widespread. 


16507 posts

Uber Geek
+1 received by user: 4606

Trusted
Lifetime subscriber

  Reply # 1103698 6-Aug-2014 22:18
Send private message

I am happy to provide you with the local distributors details in a PM if you don't know them already.

2886 posts

Uber Geek
+1 received by user: 269


  Reply # 1103735 6-Aug-2014 23:50
Send private message

Looks like those who did get hit by cryptolocker are in luck!
If you still have the encrypted files that is.

https://www.decryptcryptolocker.com




Amanzi
830 posts

Ultimate Geek
+1 received by user: 62

Trusted
Subscriber

  Reply # 1103738 7-Aug-2014 00:22
One person supports this post
Send private message

CYaBro: Looks like those who did get hit by cryptolocker are in luck!
If you still have the encrypted files that is.

https://www.decryptcryptolocker.com


Seems too good to be true, but excellent news if it works. More details here: http://www.fireeye.com/blog/corporate/2014/08/your-locker-of-information-for-cryptolocker-decryption.html

2886 posts

Uber Geek
+1 received by user: 269


  Reply # 1103769 7-Aug-2014 05:52
Send private message

I have one client who got hit, that we sorted out with a restore from their ShadowProtect backup, that I still have the encrypted files from.
Will give it go and report back.




BDFL - Memuneh
59999 posts

Uber Geek
+1 received by user: 11098

Administrator
Trusted
Geekzone
Lifetime subscriber

1389 posts

Uber Geek
+1 received by user: 303


  Reply # 1103830 7-Aug-2014 10:12
One person supports this post
Send private message

CYaBro: Looks like those who did get hit by cryptolocker are in luck!
If you still have the encrypted files that is.

https://www.decryptcryptolocker.com


Not so lucky.
I read that site/fix doesnt work for synolocker .


2886 posts

Uber Geek
+1 received by user: 269


  Reply # 1103851 7-Aug-2014 10:52
Send private message
BDFL - Memuneh
59999 posts

Uber Geek
+1 received by user: 11098

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 1105275 9-Aug-2014 09:58
Send private message

Received today (well, last night):


We have discovered security vulnerabilities on the software currently installed on your Synology product. These vulnerabilities might result in unauthorized parties compromising your Synology product.

We strongly suggest you install the newest version of DSM as soon as possible. To do so, please visit our Download Center and download DSM 5.0-4493, DSM 4.3-3827, DSM 4.2-3250, or DSM 4.0-2263 according to your current version. Then, log in to DSM and go to Control Panel > Update & Restore > DSM Update > Manual DSM Update (for DSM 4.3 and earlier, please go to Control Panel > DSM Update > Manual DSM Update) and manually install the patch file.

For more information about security issues related to Synology products, please check our Synology Product Security Advisory page.






2238 posts

Uber Geek
+1 received by user: 1047

Trusted
Subscriber

  Reply # 1105284 9-Aug-2014 10:21
Send private message

I've shut down port forwarding on my router. Not too techy, is this all I need to do?

BDFL - Memuneh
59999 posts

Uber Geek
+1 received by user: 11098

Administrator
Trusted
Geekzone
Lifetime subscriber

2238 posts

Uber Geek
+1 received by user: 1047

Trusted
Subscriber

  Reply # 1105295 9-Aug-2014 10:48
Send private message

Thanks. Fascinating, how do they find the diskstations in the first place ? Do they randomly target ip addresses and try port 5000? And once they find a diskstation, how do they get past strong admin passwords?

1 | 2 | 3 | 4
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Amazon launches the International Shopping Experience in the Amazon Shopping App
Posted 19-Apr-2018 08:38


Spark New Zealand and TVNZ to bring coverage of Rugby World Cup 2019
Posted 16-Apr-2018 06:55


How Google can seize Microsoft Office crown
Posted 14-Apr-2018 11:08


How back office transformation drives IRD efficiency
Posted 12-Apr-2018 21:15


iPod laws in a smartphone world: will we ever get copyright right?
Posted 12-Apr-2018 21:13


Lightbox service using big data and analytics to learn more about customers
Posted 9-Apr-2018 12:11


111 mobile caller location extended to iOS
Posted 6-Apr-2018 13:50


Huawei announces the HUAWEI P20 series
Posted 29-Mar-2018 11:41


Symantec Internet Security Threat Report shows increased endpoint technology risks
Posted 26-Mar-2018 18:29


Spark switches on long-range IoT network across New Zealand
Posted 26-Mar-2018 18:22


Stuff Pix enters streaming video market
Posted 21-Mar-2018 09:18


Windows no longer Microsoft’s main focus
Posted 13-Mar-2018 07:47


Why phone makers are obsessed with cameras
Posted 11-Mar-2018 12:25


New Zealand Adopts International Open Data Charter
Posted 3-Mar-2018 12:48


Shipments tumble as NZ phone upgrades slow
Posted 2-Mar-2018 11:48



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.