[dm-crypt] Verbatim's crypto NAS - News Article

Arno Wagner arno at wagner.name
Tue Sep 13 02:12:21 CEST 2011


On Tue, Sep 13, 2011 at 01:57:26AM +0200, Milan Broz wrote:
> On 09/13/2011 01:15 AM, Jorge F?bregas wrote:
> > I'd like to share this article that came up about a month ago regarding
> > Verbatim's NAS that uses LUKS:
> > 
> > "Backdoor suspected in Verbatim's crypto NAS"
> > 
> > http://www.h-online.com/security/news/item/Backdoor-suspected-in-Verbatim-s-crypto-NAS-1315921.html
> 
> *shrug*
> 
> Not the first time, similar (even worse) issue, different vendor,
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3200
> 
> Milan

As I am a reader of c't, I have been on the lookout for a 
followup. I am not aware of any. 

I agree with Milan that this is not shocking or unexpected, 
commecial vendors often get security wrong or make unacceptable 
trade-offs in the name of simplifying customer support or product 
design.

The CVE is a very good example.

The bottom-line is that for secure storage the implementor
has to know really what they are doing and must be honest. 
This typically means you have to find out and do it yourself. 
Even if you have the money and can buy consulting, you still
need to find people that have these qualities. Unfortunately 
that is not easy.

Arno
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 


More information about the dm-crypt mailing list