But I don't get any message about disable admin during setup time.
Only recently keep pop out.
Yours many years already right? I think last 2 or 3 years only when Synology start implementing auto disable default admin during setup.
Convenient for you, also convenient for hacker as less 1 thing they need to figure out. You should disable default admin account for security. Only when log in have to use new admin name, all existing settings remain the same even after change admin.
Hi guys, anyone here using Asus NAS? Im currently using Asustor AS5202t, currently i am not sure on how to make my NAS to stream content on my phone when im out of the house. Anyone can help me in this? So far i have not sorted out time to figure this out as i am working and when i get home i just wanna relax and play some games. so to say lazy la. lol haha Thanks!
Bear in mind that doing so will expose your NAS to the internet, which means remote hacker or virus can now find ways to get into your NAS. One way to secure it is by having your NAS connected to VPN, so only those with your VPN access can connect to your NAS.
Edit: Actually also using it through the router now, only think is i need to be connected to LAN/Wifi of the router only can access the data. Other than that cant. I tried using the app, also same, need wifi only can. :\ So means if i use remote access it might cause hackers to hack my router?
If you can't access the NAS remotely, means you haven't done proper settings in NAS and/or router.
Not hack router, that already being/continue attempted since router have access to internet. Whatever things that have access to internet will also risk it to be hacked remotely. See the video I post earlier, the guy NAS got hacked and data encrypted by ransomware.
These days open source NAS's OS also more easier to set up that makes it almost as easy as prebuilt NAS. To stay ahead prebuilt NAS offer multitude of apps so that it's functions extend beyond just network's storage.
I just tried Synology's Note Station as I want to use less of Google's apps, before this I use Keep. I was surprised that Note Station is very features rich. I thought it was just simple note taking like Keep. Formatting is rich like One Note, can even embed youtube video in note. Notes can be organized in folder and sub folder and also support tagging and searching. It's really an underrated app.
I'm still with GKeep... maybe will try the Note Station too
I feel notes in Keep is a mess since cannot arrange it by folder, used to this way like doing file management. Sure, can use tags but I prefer to arrange by folder which is separate than tagging. Drawback is it doesn't have reminder or task function. Keep I feel better for short note or reminder while Note Station better for rich formatting notes for archiving. And I just found out that tags can be nested in another tag. Going to re organized all my tags again.
It doesn't have drawing function, which what I really like about One Note. But the functions available is not bad.
Western Digital, maker of the popular My Disk external hard drives, is recommending that customers unplug My Book Live storage devices from the Internet until further notice while company engineers investigate unexplained compromises that have completely wiped data from devices around the world.
The mass incidents of disk wiping came to light in this thread on Western Digital’s support forum. So far, there are no reports of deleted data later being restored.
CODE
It is very scary that someone can do factory restore the drive without any permission granted from the end user… I have found this in user.log of this drive today: Jun 23 15:14:05 MyBookLive factoryRestore.sh: begin script: Jun 23 15:14:05 MyBookLive shutdown[24582]: shutting down for system reboot Jun 23 16:02:26 MyBookLive S15mountDataVolume.sh: begin script: start Jun 23 16:02:29 MyBookLive _: pkg: wd-nas Jun 23 16:02:30 MyBookLive _: pkg: networking-general Jun 23 16:02:30 MyBookLive _: pkg: apache-php-webdav Jun 23 16:02:31 MyBookLive _: pkg: date-time Jun 23 16:02:31 MyBookLive _: pkg: alerts Jun 23 16:02:31 MyBookLive logger: hostname=MyBookLive Jun 23 16:02:32 MyBookLive _: pkg: admin-rest-api I believe this is the culprit of why this happens…No one was even home to use this drive at this time… P.S. You can use support->create and save system report to get all the logs. Please check yours and see what happened.
QUOTE
CVE-2018-18472: Western Digital WD My Book Live (all versions) has a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. It can be triggered by anyone who knows the IP address of the affected device.
Hi all, just bought a second hand Synology 918+, now looking for a UPS that will be able to shut it down safely when there's a power failure (via USB).
From using the search feature, APC Back-UPS BX950U-MS 950VA seems to work. I was wondering if anyone had any experience with anything cheaper that also works? Only the NAS will be connected to the UPS, nothing else.
The connection between my desktop and NAS is also surprisingly slow.. Running 2 6Tb Ironwolf drives.
UPS that have USB port to send it's status signal would work. Cyberpower UPS would be the cheaper choice.
Could be the NAS is busy doing background processing? Since you just got the NAS and after dump some big data into it, the NAS would need some time to do indexing, processing and thumbnails.
The researchers found that they could get into a Cloud OS 3 device by remotely updating it with modified firmware. The firmware update functionality is meant to be accessible only to authenticated users, but they were able to get around that because the NAS seemingly has a user on it with a blank password, which they were able to use to authenticate in some cases.
Their version of the exploit allows them to carry out commands on the NAS, but other versions could be used for any number of nefarious purposes. Also, because the hack exploits the firmware update function, a hacker could purposefully or even accidentally brick the device. The researchers have built their own custom security patch, but it has to be re-applied to the device every time it reboots. You can see more details about it in a video they made explaining the exploit.
The vulnerability, discovered by security researchers Pedro Ribeiro and Radek Domanski, is seemingly present on Cloud OS 3 devices and not on the newer Cloud OS 5, which WD recently released as an update. The problem is that, according to Ribeiro and Domanski, many of WD’s users don’t like the new version. That’s because it’s missing certain functions and features that were available in Cloud OS 3. WD has said it won’t be updating Cloud OS 3 with security patches.
There’s also the possibility that some users won’t be able to upgrade to Cloud OS 5. According to WD’s supported devices page, the updated software isn’t available for the MyCloud EX2, EX4, or certain versions of the My Cloud and My Cloud Mirror.
Installed DSM 7 today and it was quite fast. I also disable nvme SSD cache first, just in case. Around 10 minutes to install. After that it show login page, I somehow decided to refresh the page instead of login and after refresh it show the DSM is updating all the add-on package. I have total 22 package to update and it took about 30 minutes.
DSM 7 feel more fluid, more faster than DSM 6. All the new icon also makes it look fresh but almost everything still at the same place so there's no need of learning back how to use it.
Delegate functions is great. I delegate Resource Monitor and Info Center to non admin account that I use, now I don't need to login with admin account just to monitor the NAS.
Noticed something odd with the wallpaper. I use custom wallpaper, when I adjust the browser width very fast, I can see the default wallpaper at the back for split second before the custom wallpaper resize.
Most of my backup task need to re-edit as there's no more Moments folder to backup. My rsync fail to backup after update. i can re-establish link without problem but when backup run it will fail. The log doesn't help much, it only mention failed to run backup. I have to create new backup task and can't choose the same folder as previous even though I already delete the task.
Doesn't seem to have any issue with Docker. I'm running pihole and portainer and both still work. Synology's Document Viewer is now listed in Docker.
Virtual Machine Manager doesn't seem to have any problem. Still can run VM without any issue.
On the Package Center it ask to repair Plex. After repair no more message, but I'm not using it so not sure if really no issue.
File Station now can't be resize to small width. I used to be able to fit 3 File Station side by side without fully using the whole screen but now can only fit 2. It is still limited to max 3 windows.
Odd behavior that I encounter is after log out and log in back, few seconds later it auto log out saying connection expired. Maybe it's because of I'm running few tabs with DSM, Drive, Photos and Note Station. Maybe some tabs late telling NAS it have log out.
I'm not using Photo Station. But from what I read on the internet, Photos doesn't have a lot of functions that Photo Station have, especially on managing permission for users group account. Better to fully understand Photos limitation if your usage with Photo Station is important.
I setup custom login portal for Photos, but every time I open it, it will load https://"myloginportal"#/shared_space/folder/1 instead. Because of this it doesn't load the customized login portal and instead show an almost blank page with message "No publicly shared folders" and a button to sign in. Drive, File Station and Note Station doesn't have such problem. I guess it is because of Shared Space. After login it will load Shared Space, no matter if before I log out I am using Personal Space.
Photos app now can view by folder, something that Moments app cannot do. This makes it much easier for me to find photos in each folder. Also can swipe to do multiple selection, it's so easy now to select many photos. Photos in web browser also can do SHIFT+Select at multiple place so also very easy to do multiple selection.
No more Subject recognition is also a bummer. Let's hope Synology will add it back since many people prefer having it. New added HEVC videos can't be play in browser but HEVC video uploaded before update still can play. I think Photos doesn't convert the video like Moments.
I use Drive and Moments together to manage all my files. Some folder I store different format of files in it, jpg, pdf, docx. Now with Photos, it doesn't save the file in Drive folder. Now I'm thinking how should I re-arrange all files again.
The ransomware-as-a-service (RaaS) operation behind REvil have become one of the most prolific and successful threat groups since the ransomware first appeared in May 2019. REvil has been primarily used to target Windows systems. However, new samples have been identified targeting Linux systems. AT&T Alien Labs™ is closely monitoring the ransomware landscape and has already identified four of these samples in the wild during the last month, after receiving a tip from MalwareHuntingTeam.
Key Takeaways: -REvil ransomware authors have expanded their arsenal to include Linux ransomware, which allows them to target ESXi and NAS devices.
-The new Linux version has similarities to the Windows version, which has impacted companies such as JBS, Acer, and Travelex, as already reported by the FBI and the media.
Only use VPN or reverse proxy server if want connect to NAS remotely.
Yeah, hackers and ransomware getting much more sophisticated now. With cheap cloud hosting, nodes that have different IP for each one, toss few Dockers on top of each node and control everything with Kubernetes, a hacker can have hundreds of bots at his command. That haven't count for zombie botnets. Feels like we're living in the Matrix now.
I also have stopped using QuickConnect and now only use VPN when connect from internet. And I stop or uninstall app that I'm not currently using. Recent 0 day exploit on QNAP and WD, and also Microsoft PowerShell 7 critical vulnerability shows no company will be truly safe. Ransomware attacks in Taiwan also have increased 407% over past 18 months.
TAIPEI (Taiwan News) — Taiwan has become a favored target of ransomware attacks launched by hacking groups, with the attack frequency doubling Asia’s average and an uptick in attacks ranking in the top five in the Asia Pacific region, according to Microsoft.
Microsoft on July 1 announced data compiled by Defender Antivirus, a subsidiary of Microsoft, showing that malware attacks in Taiwan have increased by 16 percent over the past 18 months, including an increase of 407 percent in ransomware attacks. This was only lower than an 825-percent increase in New Zealand, a 541-percent increase in Japan, a 463-percent increase in China, and a 453-percent increase in Australia, CTWANT reported.
Microsoft said hackers launch a daily average of 50 million attacks, with 579 attacks per second, adding that in 2020, 30 billion email threats were intercepted.
The warning is in response to ‘PrintNightmare’, a critical zero day flaw in the Windows Print Spooler service which is actively being exploited by hackers to remotely execute code with system-level privileges (the ultimate goal for attacks). Now Microsoft has issued a series of fixes which, while flawed, are essential updates for all Windows users.
Why has PrintNightmare been so damaging? Because it was an accident. Security researchers accidentally published their proof-of-concept (PoC) exploit online which meant Microsoft caught completely off guard and hackers were spoonfed all the information required to start taking advantage of Windows computers around the world.
Furthermore, PrintNightmare attacks enable hackers to do whatever they want with your Windows system via remote code execution. This includes installing programs, modifying data and creating new accounts with full administration rights over your computer.
Jun 8 2021, 11:43 AM
Quote
Going to re organized all my tags again.
This one affects Cloud OS 3 devices
of course VPN too
0.0808sec
0.47
7 queries
GZIP Disabled