
Pretty serious, considering that these devices can do iSCSI - meaning any machine with access to it over the LAN, such as any machine that is getting some iSCSI storage from the device, can now do nefarious things.



I don't know about others, but we put all our iSCSI stuff on a physically disparate network, separate NICs, separate switches.

Doesn't help if someone has physical access to the datacenter, but that's a given.


Would it not be the case that a compromised machine that was mounting iSCSI might then be able to access the hidden admin feature? It could then mount other volumes read-only and read data meant to be private...


Not necessarily. In most cases administration access to these things is on an entirely separate network from connection protocol. Having an iSCSI / NFS connection isn't enough; you'd also have to be on the same network as the management interface.



