[dm-crypt] Verbatim's crypto NAS - News Article
arno at wagner.name
Tue Sep 13 02:12:21 CEST 2011
On Tue, Sep 13, 2011 at 01:57:26AM +0200, Milan Broz wrote:
> On 09/13/2011 01:15 AM, Jorge F?bregas wrote:
> > I'd like to share this article that came up about a month ago regarding
> > Verbatim's NAS that uses LUKS:
> > "Backdoor suspected in Verbatim's crypto NAS"
> > http://www.h-online.com/security/news/item/Backdoor-suspected-in-Verbatim-s-crypto-NAS-1315921.html
> Not the first time, similar (even worse) issue, different vendor,
As I am a reader of c't, I have been on the lookout for a
followup. I am not aware of any.
I agree with Milan that this is not shocking or unexpected,
commecial vendors often get security wrong or make unacceptable
trade-offs in the name of simplifying customer support or product
The CVE is a very good example.
The bottom-line is that for secure storage the implementor
has to know really what they are doing and must be honest.
This typically means you have to find out and do it yourself.
Even if you have the money and can buy consulting, you still
need to find people that have these qualities. Unfortunately
that is not easy.
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
More information about the dm-crypt