Synology slings patch at buggy NAS boxens

Securify co-founder Cengiz Han Sahin says Synology has patched a remote vulnerability that allowed attackers to compromise its storage devices. Sahin reported vulnerabilities that allowed web servers in Synology's Photo Station to be compromised to the vendor. The hacker says Photo Station, which allows users to access their …

  1. StorageBuddhist

    Surely Boxen is already plural...

    As per oxen, or German plurals. What's with "boxens"?

    1. Anonymous Coward

      Re: Surely Boxen is already plural...

      Or even a good English word like "boxes"

  2. Anonymous Coward

    One credit you do have to give Synology is that they are fairly decent at quickly releasing security patches.

    1. CAPS LOCK

      While your gizmo is still in 'support'...

      1. Edwin

        'Support'

        Photostation is an app, not OS so should presumably not be limited in terms of hardware. In any case, my 5 or 6 year old 410j is still in support, which is well beyond what I would have expected.

        But maybe I have low expectations..

        1. Pu02

          Re: 'Support'... not so fast!

          You are indeed hopeful.

          Where do they say they support the software beyond the statutory warranty period?

          The software is supported so long as it is on supported hardware. IMH experience the hardware is all the hardware vendor supports, even though they sold you some software. Because in their management's eyes, they didn't- that was given away 'free'.

          So if the software is updated once your device is beyond warranty, count yourself lucky! After that if you can get a patch that will i). patch your software without modification to the installer and ii). not upset the (unsupported) system/hardware in some way.

          Usually, an unsupported OS stops receiving patches at a non-controversial point. If this is after the warranty period you got good value. If it is before it, you get bad value as you will not get anything much patched. However it will invariably stop receiving updates at the first controversial point- e.g. as soon as a major change is needed (which means one necessitating a major testing effort or challenges that break the build). This is not uncommon, as it is caused by things like broken dependencies and poor maintenance of the platform stack, not to mention other forms of vendor negligence (including but seldom or, stupidity).

  3. Anonymous Coward

    Photo Station isn't limited to Synology

    My QNAP NAS boxes also have Photo Station (v4.1.4). How widespread is this vulnerability?

    1. Martin J Hooper

      Re: Photo Station isn't limited to Synology

      I think the QNAP Photo Station is a totally different one to the one on Synology...
