![]() ![]() But what I do know is that if I do not have ultimate control of the systems I OWN then they have no place on my network.Īs soon as my backups are done, I will be removing the QNAP I have, and I will no longer be buying your products again. Maybe this could be the same method that Deadbolt writers have used? I don't know. To me, this is a vector for another party to gain uncontrolled access to my system. What this means is that QNAP has some kind of backdoor into MY system. ![]() I specifically had auto-updates disabled. What I find more worrying than anything else, moreso than Deadbolt, is that QNAP somehow forced an update on me with ZERO control or interaction from me. If users decide against the update and then get owned by Deadbolt, that is on them.īy forcing the update, anyone who has lost data as a result is no better off than if Deadbolt had owned them, but worse you have opened QNAP up to legal liability for that loss. You should have rolled out notifications for an emergency update or patch and let users decide. You may have had good intentions, but what you did was wrong. But it is because of deadbolt and our desire to stop this attack as soon as possible that we did this. I know there are arguments both ways as to whether or not we should do this. For those who don't want this feature, "recommended version" can be disabled. Having "recommended version" enabled by default is a difficult decision. I think more clarification is needed about what happened so I have made a post about this. We will work on patches/security enhancements against deadbolt and we hope they get applied right away.I know there are arguments both ways as to whether or not we should do this. And that makes it much harder to stop a ransomware campaign. But many people don't apply a security patch on the same day or even the same week it is released. In fact, that whole outbreak was after the patch was released. If recommended update is enabled under auto-update, then as soon as we have a security patch, it can be applied right away.Back in the time of Qlocker, many people got infected after we had patched the vulnerability. ![]() In QTS there was a message in control panel/auto-update that "QTS/QuTS hero will enable recommended version update soon to protect nas from deadbolt"But I think a lot of people did not see that message.We are trying to increase protection against deadbolt. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
December 2022
Categories |