
D-Link refuses to patch a security flaw on over 60,000 NAS devices — the company instead recommends replacing legacy NAS with newer models

⁨190⁩ ⁨likes⁩

Submitted ⁨⁨5⁩ ⁨months⁩ ago⁩ by ⁨lemmee_in@lemm.ee⁩ to ⁨technology@lemmy.zip⁩

https://www.tomshardware.com/tech-industry/cyber-security/d-link-refuses-to-patch-a-security-flaw-on-over-60-000-nas-devices-the-company-instead-recommends-replacing-legacy-nas-with-newer-models

Comments
  • WoolyNelson@lemmy.world ⁨5⁩ ⁨months⁩ ago

    My “newer model” wouldn’t be a D-Link.

    • ininewcrow@lemmy.ca ⁨5⁩ ⁨months⁩ ago

      My thoughts exactly … if a company’s response to a problem with their equipment is, instead of fixing the problem, to ask you to replace it with a new model

      I would go buy something new … it just wouldn’t be with the same company

      This would be a great opportunity for a rival company to take advantage of this.

      • Letstakealook@lemm.ee ⁨5⁩ ⁨months⁩ ago

        It would. They could offer a discount with the turn in of a D-Link device and roll in some nonsense about reducing e-waste. They will probably get a nice little sales boost and tax breaks while helping the decline of a competitor.

    • adarza@lemmy.ca ⁨5⁩ ⁨months⁩ ago

      they don’t make them anymore, anyway.

      • hitmyspot@aussie.zone ⁨5⁩ ⁨months⁩ ago

        Which is likely why they are not bothering to fix it.

  • echo@lemmings.world ⁨5⁩ ⁨months⁩ ago

    Anybody who didn’t already know this:

    D-Link makes marginal products that routinely suffer major security flaws. Do not buy/use D-Link products.

    • LiveLM@lemmy.zip ⁨5⁩ ⁨months⁩ ago

      damn, side-eyeing the D-Link router I got in the closet now

      • FrederikNJS@lemm.ee ⁨5⁩ ⁨months⁩ ago

        It’s usually possible to replace the firmware of d-link routers with open alternatives, such as dd-wrt.

  • BearOfaTime@lemm.ee ⁨5⁩ ⁨months⁩ ago

    So what you’re saying is I should be able to pick up one of these used for a song?

    • FutileRecipe@lemmy.world ⁨5⁩ ⁨months⁩ ago

      oh, these are all four years past their EOL. Yeesh.

      Yeah, at a certain point it’s the consumer’s (and blog writer’s) fault, and that’s after EoL. Not patching a supported one and just getting rid of support, saying buy a newer one? Yeah, that’s bad.
      Continuing to not support an EoL model that you already don’t support due to EoL (or even dropping support for an EoL model that no one expected you to support in the first place due to EoL)? Non-issue.

      • RobotToaster@mander.xyz ⁨5⁩ ⁨months⁩ ago

        I was going to disagree, because manufacturers often set a very short and arbitrary EOL, but looking at the amazon price history this doesn’t seem to have been sold new since around 2013.

      • corsicanguppy@lemmy.ca ⁨5⁩ ⁨months⁩ ago

        Continuing to not support an EoL model that you already don’t support due to EoL (or even dropping support for an EoL model that no one expected you to support in the first place due to EoL)? Non-issue.

        Dropping support should mean opening the source. I think there’s a movement about that.

    • possiblylinux127@lemmy.zip ⁨5⁩ ⁨months⁩ ago

      Swap the OS for sure

  • sylver_dragon@lemmy.world ⁨5⁩ ⁨months⁩ ago

    Any vendor is going to reach a point where they no longer are willing to support older devices. So you have three choices:

    1. Run with the vulnerability. This is incredibly stupid and I’d hope no one did this.
    2. Replace the OS on any such device with something open source. Probably the best option for those who already own such a device.
    3. Never buy a proprietary device in the first place. Unless you really, really need something the proprietary device offers, a beige box running some flavor of 'nix is probably a better long term solution.

    Ok, I guess there is a fourth option. Learn to enjoy that vendor bending you over every few years. This is what many businesses do and it can make sense. You just need to have lots of money.

    • fuckwit_mcbumcrumble@lemmy.dbzer0.com ⁨5⁩ ⁨months⁩ ago

      every few years

      These boxes had almost a decade of support.

    • Theoriginalthon@lemmy.world ⁨5⁩ ⁨months⁩ ago

      I object to your third point, it can be a sexy black box

  • NutWrench@lemmy.ml ⁨5⁩ ⁨months⁩ ago

    So D-Link can’t afford to pay employees to fix their shit? That’s not a strong argument for buying more of their stuff.

    • fuckwit_mcbumcrumble@lemmy.dbzer0.com ⁨5⁩ ⁨months⁩ ago

      Some of these machines haven’t been sold since 2013. That’s a pretty decent lifespan.

    • leisesprecher@feddit.org ⁨5⁩ ⁨months⁩ ago

      They don’t want to pay employees.

  • bamboo@lemmy.blahaj.zone ⁨5⁩ ⁨months⁩ ago

    If you’re using one of these models, it’s highly recommended that you replace your NAS system with one that’s still receiving patches from the manufacturer. If that isn’t possible right now, Netsecfish suggests restricting access to your NAS settings menu/interface to only trusted IP addresses. You could also isolate your NAS from the public internet to ensure that only authorized users can interact with it.

    Emphasis mine, regardless of this incident, even with a brand new supported model, it shouldn’t be exposed to the internet. Half the reason these security issues are such a big deal is because manufacturers wanted to make things simple and designed it to sit on the open internet, so they wouldn’t have to deal with support requests. Now their customers are exposed because of poor recommendations and the lack of updates.

    • BearOfaTime@lemm.ee ⁨5⁩ ⁨months⁩ ago

      Exactly!

      If you need external access, use an external access infrastructure that’s designed for that purpose, with controls and monitoring.

  • theunknownmuncher@lemmy.world ⁨5⁩ ⁨months⁩ ago

    Stallman was right?

    • RobotToaster@mander.xyz ⁨5⁩ ⁨months⁩ ago

      Always is.

      • theunknownmuncher@lemmy.world ⁨5⁩ ⁨months⁩ ago

        Well… I definitely wouldn’t say “always”, as he has taken some pretty gross stances on non-technical subjects wired.com/…/richard-stallmans-exit-heralds-a-new-…

  • possiblylinux127@lemmy.zip ⁨5⁩ ⁨months⁩ ago

    I can’t blame them. I think relying on the manufacturer for updates means that you are expecting them to spend money on you. That works for a while but not indefinitely

  • elucubra@sopuli.xyz ⁨5⁩ ⁨months⁩ ago

    I do SMB support. I recently replaced one at a customer, essentially because it didn’t support larger disks. Also because it was slow as fuck. Replacing a 10 year plus device doesn’t seem that unreasonable.

    That said, I don’t like Dlink.
