SN 825: Halfway Through 2021

Beep boop - this is a robot. A new show has been posted to TWiT…

What are your thoughts about today’s show? We’d love to hear from you!

FYI, Ars Technica is saying there was a zero-day associated with the actual factory reset operation.
The Ars Technica article quotes the vendor.

Yeah Ars updated that story after Steve did the show. But the info comes from WD and it’s a little unclear. I think they’re doing a little face saving. It’s a fact they modified the firmware to make it less secure in 2011.

So, basically, anyone still using, let alone still having their WD NAS online after 2018 at the latest only has themselves to blame. Oh, and this is why you make regular backups. :man_facepalming:

They had 6 years' warning that the device was no longer safe, in theory, and 3-4 years' warning that it could be easily exploited, if it was online…

I wanted to make a comment on what you and Steve were talking about at the end. This is about Windows 11 and what it would run on. One thing that I don’t agree with is when you start comparing Microsoft and Apple. Usually Apple hardware and software stops being supported after a relatively short time, at least compared to Windows. Yes, it will run, but besides OS updates, sooner or later you can’t install software updates. The backwards compatibility is a curse for Microsoft. Apple users are typically OK with spending money every few years to get new hardware, but if Microsoft changes something everyone just goes nuts. I am not suggesting one is better than the other, but it is certainly a dual standard. The latest releases of iOS supporting phones back to the iPhone 6, by the way, is more of an exception. Typically they have supported devices only for two or three years … sort of like Android.

As far as I am concerned, they need to support it indefinitely, and if they want to stop, they should have to open source it. This would focus them on making it more reliable, secure and repairable.

AutoHotKey is very similar to AutoIt.

Did users receive any kind of warning? Or would they have had to run across an article in the tech press?

Usually all registered users get an email and, if the company is doing it right, the interface will say that support has stopped.

Certainly with the NAS devices I have, I get monthly notices that updates are there, and on one it warned me that it couldn’t get any updates. I downloaded the latest patch and installed it manually, after that it resumed automatically finding updates.

I certainly wouldn’t trust or expose any device to the internet, if it wasn’t regularly patched.

I’m really thinking about back then; nowadays some companies are starting to see the light. But frequently updates want to be tied to a ‘service contract’ or other subscription scheme.

I might even be slightly hesitant in trusting something that is regularly patched, to be honest, since that shows that the thing is horribly insecure or, in the case of Windows, the manufacturer keeps breaking things.

I’m a bit surprised that Steve has only just come across AutoIt given it’s been around since the early 2000s… certainly I first became aware of it in 2006.
