01-31-2010 12:32 AM - edited 01-31-2010 01:22 AM
I need the security contact at Seagate to contact me so we can discuss a critical flaw in the security of the Black Armor NAS that allows anyone to download ALL of the usernames and passwords from these Black Armor devices.
02-01-2010 05:17 AM
02-01-2010 10:11 AM
If you work for Seagate, please provide your name, title and contact information. I will only disclose this problem to a Seagate employee responsible for security. I feel that PM'ing a security disclosure on a web based chat room is unprofessional.
Jason Ellison (infotek)
02-03-2010 03:16 PM
So here is the result of my phone conversation with Seagate:
here are your options sir:
- wait for new firmware - no ETA
- return the device
Basically they are looking for anyone to blame for the issue. I had my b1220 working just fine yesterday and after the firmware upgrade to the ba220 everything stopped working. The funny thing is that it stopped working after a restart to the system, but not directly after the firmware upgrade but a second time around.
There is no way to downgrade the firmware for the device. Seagate does not provide this as an option. They say it's impossible, which obviously is bogus.
AND LAST BUT NOT LEAST.
THESE FORUMS ARE NOT FOR SUPPORT, THEY ARE FOR DISCUSSION!! Said by the man on the phone in Seagate US phone support.
02-04-2010 07:43 AM
There is no solution in that post. The mt-daapd server that Seagate has chosen to implement DLNA and DAAP is broken. In addition it has known security bugs that have already been publicly disclosed on CVE in 2007. I believe it would best serve Seagate and Seagate's customers to add Twonky Media Server to the firmware... because it works. The version of mt-daapd DOES NOT WORK PROPERLY.
The version Seagate is using is
"mt-daapd Build svn-1586 (Thu, 17 May 2007)"
These issues were not discovered until Nov 02 2007.
Firefly Media Server Webserver.C Multiple Format String Vulnerabilities
Firefly Media Server Multiple Null Pointer Dereference Vulnerabilities
If Seagate is actually trying to charge people, as wifi-tom has indicated in the post he referenced, for support on something that they sold broken, that would border on criminal.
02-04-2010 01:11 PM
The link I posted refers to DLNA. Xbox 360 does not support direct DLNA, only via Mediacenter. As for PS3, I installed firmware 2000.1555 on my wb220 and it caused a LOAD of problems. After a long and completely useless conversation with Seagate tech support I found out:
1. there is no security flaw which you claim there is (and believe me, I believe you more than them)
2. DLNA is an "open" standard and the problem is caused by the PS3 - even though my PS3 is on fw 3.15 since 02/01/2010 and the only change in my environment is the fw on the ba220
3. this is not a support forum, but a discussion board and I should not expect to find answers here
BUT!! after doing some tests I found a solution to DLNA on PS3
1. turn off media service on shares
3. turn off media service in main menu
5. turn on media service on shares
7. turn on media service on shares
and it all came back like it never happened. I get the feeling that I don't have to restart my MS system after a Thursday update so many times
02-04-2010 02:38 PM - last edited on 03-06-2010 12:23 PM by pamelaz
Could you write me an email describing what Seagate told you concerning the security flaws with the dates that the conversation(s) occurred? It seems like Seagate is pulling a Toyota.
Jason [Edited: Removed personal information per the community rules and regulations.]
02-21-2010 12:55 PM - edited 02-21-2010 12:57 PM
@wifi-tom, there seems to be a typo in your list at #5 or #7. In which order did you turn on shares and main menu?
Did you restart your PS3 as well?