|
Axe-man posted:I will say as an aside, that the synology devices are tough little buggers, I've never seen them cracked by software directly. It is always some weak password/other computer on the network compromised. https://www.kb.cert.org/vuls/id/404187 quote:Synology NAS servers contain insecure default credentials
|
# ¿ Apr 30, 2021 17:53 |
|
|
# ¿ May 14, 2024 00:46 |
|
Axe-man posted:"Synology NAS servers DS107, DS116, and DS213, use default credentials." Axe-man posted:I will say as an aside, that the synology devices are tough little buggers, I've never seen them cracked by software directly. It is always some weak password/other computer on the network compromised. 2012 telnet hard-coded credentials generated via date: https://wrgms.com/synologys-secret-telnet-password/ 2014 vpn hard-coded root credentials: https://www.kb.cert.org/vuls/id/534284 both the main vendors need to up their game, but they've also not had a lot of focus by the general security community really so consider all the vulns the tip of the iceberg
|
# ¿ Apr 30, 2021 18:20 |
|
Wibla posted:I don't like pushing drives beyond 45C... that's just my personal opinion though, they're often rated to do 0-50C or even 0-60C.
|
# ¿ Sep 9, 2023 22:53 |
|
YerDa Zabam posted:Couple of new Def Con videos that I thought you lot might enjoy. really bad recording for a decent talk going over what everyone should already know about backblaze's methodology. if you read the report nothing in this should be new to you, just a few mentions of ssds holding strong for longevity but being too expensive for them to test in the scale they want and complaining about smart being inconsistent across manufacturers the rest of the talks at defcon are dire...
|
# ¿ Sep 16, 2023 12:19 |
|
BlankSystemDaemon posted:Does anyone have experience with QuTS Hero? It's apparently a ZFS based appliance OS for QNAP systems with 8GB RAM or more.
|
# ¿ Dec 11, 2023 12:49 |
|
BlankSystemDaemon posted:I wonder how many people have considered the implications of the amount of trust required in the remote server and who has access to it from an infosec point of view.
|
# ¿ Dec 19, 2023 21:23 |
|
BlankSystemDaemon posted:Are you also a Kodi user then?
|
# ¿ Dec 20, 2023 02:52 |
|
see the advantage to just having kodi as the media centre app and using a plugin on that to interface with jellyfin/emby/plex is that you don't need to worry about codecs, subtitles, or anything. that'll handle anything you can throw at it and decode it properly (unless we go into the mess of hdr...). you really shouldn't be running a mysql backend these days for any of that, just have kodi act as a thin-client and hold any resume/watched data on the nas hell even on my steamdeck i just have kodi running in desktop mode (with a shortcut from the main ui so its seamless) and that can be a plug and play media centre or watching/playing music outside. transcoding was a necessity a decade ago and only sits around now because of hevc<->browser problems and extremely low power devices that were never meant to do anything good to begin with (imo) e: and subtitles are way more hosed up than you think when you get into the fine details. there's still really poo poo subtitles out there throwing in html tags, or using forks of subtitling software that is straight up encoding colours and placements wrong
|
# ¿ Dec 21, 2023 01:01 |
|
Pablo Bluth posted:QNAP is gathering a history of terrible security in it's products. src: i have qnap nas'es and haven't seen a relevant security flaw
|
# ¿ Jan 2, 2024 15:15 |
|
the one real criticism you could give was they didn't release automatic firmware updating until a couple of years ago. any of the big ransomware issues are about issues patched a long time ago and people not updating their devices by the time the campaigns started using them
|
# ¿ Jan 2, 2024 17:41 |
|
the vulns are remediated in 22/23 depending on the build. the exposure left over was that it was still vulnerable mid-install and the timeline of notification to patches isn't noteworthy at all either i've said it before by qnap's security is nowhere near as bad as the reactions imply. it's the same shitpile as other appliance vendors but they're upfront about it and if you keep on top of firmware updates that's good enough. the entire idea of them having bad security comes from some weird factional userbase from reddit that doesn't understand security as much as they want to convince themselves, we don't need to import that insane mindset here 2.5Gb networking existing is a terrible stopgap and reduced research and manufacturing money on making 10Gb viable for the home market imo
|
# ¿ Feb 14, 2024 15:24 |
|
|
# ¿ May 14, 2024 00:46 |
|
Scruff McGruff posted:It might be a byproduct of the fact that they just launched their bug bounty program last year. It's always tough with these types of announcements, is QNAP really more vulnerable than others or are they just more transparent about when security flaws are found? If they're more vulnerable people should avoid them, but if they're really not and are just more transparent about discovered flaws we should encourage that behavior from companies. code:
|
# ¿ Mar 11, 2024 21:57 |