Tag: Data Hoarding

Western Digital My Cloud Experiences Yet Another Breach

Western Digital’s My Cloud Network is down again after some sort of network breach. According to a Western Digital press release,

On March 26, 2023, Western Digital identified a network security incident involving Western Digital’s systems. In connection with the ongoing incident, an unauthorized third party gained access to a number of the Company’s systems.

Upon discovery of the incident, the Company implemented incident response efforts and initiated an investigation with the assistance of leading outside security and forensic experts. This investigation is in its early stages and Western Digital is coordinating with law enforcement authorities.

I am actually legitimately impressed that Western Digital continues to attract customers to its My Cloud offerings, given that issues like this are fairly routine for the company and service.

Back in 2018, for example, security researchers discovered that My Cloud devices had a hard-coded backdoor in them and many other vulnerabilities.

GulfTech also discovered a backdoor that bears the admin username ‘mydlinkBRionyg’ and password ‘abc12345cba.’ Anyone can just log into My Cloud devices with the said credentials, which were hardcoded into the binary and cannot be changed. This backdoor access can also allow malicious actors to access code that is vulnerable to command injection. It can spawn a root shell as well.

In 2021, hackers found a vulnerability in older My Cloud OS 3 devices that allowed them to remotely wipe Western Digital My Book Live devices after someone at Western Digital removed code that required a password to do a factory reset of the devices.

To add insult to injury, Western Digital’s response was to announce that the fix for this problem was for people to buy new devices that supported My Cloud OS 5. According to an Engadget story,

When Engadget reached out to Western Digital, a spokesperson for the company told us there is a fix for this vulnerability — we ‘patched’ OS3 with OS 5.” They added: “My Cloud OS 5 is a major security release that provides an architectural revamp of our older My Cloud firmware. All My Cloud products currently under active support are eligible for the My Cloud OS 5 upgrade and we recommend that all users upgrade as soon as possible to benefit from the latest security fixes.

In March 2022, Western Digital had to release a patch for My Cloud after a supply chain vulnerability left devices open to remote code execution. But the problems went well beyond supply chain issues.

To make matters worse, Western Digital PR4100 had a public AFP share by default, which was available to the hackers without requiring user authentication.

Look, Western Digital has no clue what it is doing with security in My Cloud. No one who cares about their data should ever use this product.

Seagate Is Shipping 16TB Hard Drives

According to Anandtech,

Continuing the march of progress in the HDD industry, Seagate has revealed that they have started shipping their 16 TB PMR hard drives. In a quarterly earnings call last week, the company reported that the drives have been shipping since late March, with current shipments coming ahead of high volume production of the drives. Seagate in turn expects to kick off mass production in the second half of 2019, and by Q2 2020 the new 16 TB drives will be its highest revenue SKU. What is particularly noteworthy here, besides the capacity of course, is that these drives do not use next-generation heat assisted magnetic recording (HAMR) technology. Instead, they’re based around conventional magentic recoding (which is a new way to call perpendicular magnetic recording, PMR), which is being boosted by two-dimensional magnetic recording (TDMR).

. . .


For a number of years Seagate has implied that HAMR will be first used for 16 TB drives, so the unexpected shift to CMR + TDMR raises several question about the the state of the market and the technology. Is the delay client-driven, with the company’s clients wanting to stick to proven technologies for another round? Or, since HAMR HDDs use different components (new media, new heads, etc.), do the manufacturing costs of HAMR hard drives present a hurdle to manufacturing and/or client adoption? Or is the change in plans due to something else entirely?

ArchiveBox

ArchiveBox is a free, open-source tool that lets users create archived versions of web pages,

ArchiveBox takes a list of website URLs you want to archive, and creates a local, static, browsable HTML clone of the content from those websites (it saves HTML, JS, media files, PDFs, images and more).

You can use it to preserve access to websites you care about by storing them locally offline. ArchiveBox imports lists of URLs, renders the pages in a headless, autheticated, user-scriptable browser, and then archives the content in multiple redundant common formats (HTML, PDF, PNG, WARC) that will last long after the originals disappear off the internet. It automatically extracts assets and media from pages and saves them in easily-accessible folders, with out-of-the-box support for extracting git repositories, audio, video, subtitles, images, PDFs, and more.