
I recently bought a Lenovo ix2 NAS and was having some issues setting up rsync. Decided to go to their forums and found out that they turn on rsync by default and unsecure. So if you have this device connected to your network with default settings (which I presume many people will do), anyone on the internet can see your backups. Here is the comment from one person who made the discovery and according to him, he can scan and see people's backups. http://forums.lenovo.com/t5/Iomega-Network-Storage/Security-...



That's pretty bad, thanks for highlighting it.

I could certainly see patterns in the things that were exposed. A lot of hosts exposed either:

* A single share called "squid".

* A pair of shares called "sql" & "www". That made me think of a control-panel of some kind.


It would be behind a NAT for most people, though, right? Not saying that makes it ok, but at least a LITTLE less bad?



