Western Digital My Cloud Experiences Yet Another Breach

Western Digital’s My Cloud Network is down again after some sort of network breach. According to a Western Digital press release,

On March 26, 2023, Western Digital identified a network security incident involving Western Digital’s systems. In connection with the ongoing incident, an unauthorized third party gained access to a number of the Company’s systems.

Upon discovery of the incident, the Company implemented incident response efforts and initiated an investigation with the assistance of leading outside security and forensic experts. This investigation is in its early stages and Western Digital is coordinating with law enforcement authorities.

I am actually legitimately impressed that Western Digital continues to attract customers to its My Cloud offerings, given that issues like this are fairly routine for the company and service.

Back in 2018, for example, security researchers discovered that My Cloud devices had a hard-coded backdoor in them and many other vulnerabilities.

GulfTech also discovered a backdoor that bears the admin username ‘mydlinkBRionyg’ and password ‘abc12345cba.’ Anyone can just log into My Cloud devices with the said credentials, which were hardcoded into the binary and cannot be changed. This backdoor access can also allow malicious actors to access code that is vulnerable to command injection. It can spawn a root shell as well.

In 2021, hackers found a vulnerability in older My Cloud OS 3 devices that allowed them to remotely wipe Western Digital My Book Live devices after someone at Western Digital removed code that required a password to do a factory reset of the devices.

To add insult to injury, Western Digital’s response was to announce that the fix for this problem was for people to buy new devices that supported My Cloud OS 5. According to an Engadget story,

When Engadget reached out to Western Digital, a spokesperson for the company told us there is a fix for this vulnerability — we ‘patched’ OS3 with OS 5.” They added: “My Cloud OS 5 is a major security release that provides an architectural revamp of our older My Cloud firmware. All My Cloud products currently under active support are eligible for the My Cloud OS 5 upgrade and we recommend that all users upgrade as soon as possible to benefit from the latest security fixes.

In March 2022, Western Digital had to release a patch for My Cloud after a supply chain vulnerability left devices open to remote code execution. But the problems went well beyond supply chain issues.

To make matters worse, Western Digital PR4100 had a public AFP share by default, which was available to the hackers without requiring user authentication.

Look, Western Digital has no clue what it is doing with security in My Cloud. No one who cares about their data should ever use this product.

If the Earth Were a Hard Drive, How Much Data Could It Hold?

I happened to google that the other day and found a 2015 Scientific American article that did a pretty good job of working through this thought experiment.

To answer that question, let us consider the work of Martin Hilbert and Priscilla López. In 2011 Hilbert and López, then at the University of Southern California and the Open University of Catalonia in Spain, respectively, published an estimate of the cultural information stored in our planet’s texts, pictures and videos. They concluded that as of 2007, humans had stored 2 × 1021 bits, or two trillion gigabits. But there is much more information in our planet than what is contained in cultural artifacts. Information is also embodied in human-designed objects, such as your car and your shoes, and in biological systems, such as your ribosomes, mitochondria and DNA. Indeed, it turns out that most of the information contained in Earth is stored in the form of biomass. Based on Lloyd’s formula, I estimate that Earth contains roughly 1044 bits. That figure might sound like a lot, but it is only a small fraction of the globe’s capacity. If humans continued to generate 1021 bits every year, it would still take much more than a trillion ages of the universe to fill our planetary hard drive.

What these calculations tell us is that although Earth has an enormous capacity to store information, order is still rare. That insight, in turn, tells us a lot about how information is created and processed by the planet and the hurdles that could limit its growth in the future.

Seagate Is Shipping 16TB Hard Drives

According to Anandtech,

Continuing the march of progress in the HDD industry, Seagate has revealed that they have started shipping their 16 TB PMR hard drives. In a quarterly earnings call last week, the company reported that the drives have been shipping since late March, with current shipments coming ahead of high volume production of the drives. Seagate in turn expects to kick off mass production in the second half of 2019, and by Q2 2020 the new 16 TB drives will be its highest revenue SKU. What is particularly noteworthy here, besides the capacity of course, is that these drives do not use next-generation heat assisted magnetic recording (HAMR) technology. Instead, they’re based around conventional magentic recoding (which is a new way to call perpendicular magnetic recording, PMR), which is being boosted by two-dimensional magnetic recording (TDMR).

. . .


For a number of years Seagate has implied that HAMR will be first used for 16 TB drives, so the unexpected shift to CMR + TDMR raises several question about the the state of the market and the technology. Is the delay client-driven, with the company’s clients wanting to stick to proven technologies for another round? Or, since HAMR HDDs use different components (new media, new heads, etc.), do the manufacturing costs of HAMR hard drives present a hurdle to manufacturing and/or client adoption? Or is the change in plans due to something else entirely?

ArchiveBox

ArchiveBox is a free, open-source tool that lets users create archived versions of web pages,

ArchiveBox takes a list of website URLs you want to archive, and creates a local, static, browsable HTML clone of the content from those websites (it saves HTML, JS, media files, PDFs, images and more).

You can use it to preserve access to websites you care about by storing them locally offline. ArchiveBox imports lists of URLs, renders the pages in a headless, autheticated, user-scriptable browser, and then archives the content in multiple redundant common formats (HTML, PDF, PNG, WARC) that will last long after the originals disappear off the internet. It automatically extracts assets and media from pages and saves them in easily-accessible folders, with out-of-the-box support for extracting git repositories, audio, video, subtitles, images, PDFs, and more.