HP Keeps Installing Secret Backdoors

HardOCP News

HP's new slogan should be "backdooring our customers since 2009." Honestly, that works on so many levels. :D

For the second time in a month, Hewlett-Packard has been forced to admit it built secret backdoors into its enterprise storage products. The admission, in a security bulletin posted July 9, confirms reports from the blogger Technion, who flagged the security issue in HP’s StoreOnce systems in June, before finding more backdoors in other HP storage and SAN products.
 
Don't think that there's anything unusual about this. Equallogic does the same thing. You don't want to get locked out of an enterprise storage array, so there's always a way for the manufacturer to get back into it.

Not like these arrays are on public networks anyway, they are on isolated networks.

This is a non-issue.
 
You really shouldn't make poor HP the Butt of all your jokes :D
 
My lefthands have backdoors, which came in very handy when I went to set them up and the retards I had just started working with could not remember any of the passwords. Equallogic setups have the same thing. Run them on their own vlan and there is no issue.
 
With all these companies putting back doors, or rumors of them putting back doors, it's yet another reason to stop going with proprietary solutions and go with in house and/or open source solutions.
 
Don't think that there's anything unusual about this. Equallogic does the same thing. You don't want to get locked out of an enterprise storage array, so there's always a way for the manufacturer to get back into it.

Not like these arrays are on public networks anyway, they are on isolated networks.

This is a non-issue.

This.
 
With all these companies putting back doors, or rumors of them putting back doors, it's yet another reason to stop going with proprietary solutions and go with in house and/or open source solutions.

What's the rationale for your argument? Why is the fact that storage array manufacturers can get into the controllers if you supply them with the required information a bad thing?
 
With all these companies putting back doors, or rumors of them putting back doors, it's yet another reason to stop going with proprietary solutions and go with in house and/or open source solutions.

You don't know what you are talking about. They have them by design. They are designed to operate on segregated networks. It is a non-issue.
 
What's the rationale for your argument? Why is the fact that storage array manufacturers can get into the controllers if you supply them with the required information a bad thing?

Argument from ignorance, a web tradition.
 
The article is from Slashdot, the web's IT knee-jerk source for over 10 years.
 
You don't know what you are talking about. They have them by design. They are designed to operate on segregated networks. It is a non-issue.

I'm speaking more in general. There are also similar rumors that MS has backdoors to allow the NSA in, and a lot of other similar reports about different companies and products. Without being able to see the source there is no way to know for sure if any of these things are true. That's not a chance anyone should be willing to take on their networks.
 
well since no one else is continuing this...

someone needs to help HP plug their holes.
 
Since 2009? I'd say more like since 1984, when they came up with that horrid OS, HP-(S)UX.
 
I don't see why this is a big deal at all. People buy stuff with Google-made operating systems and even willingly download their browser so it's pretty obvious that there's this huge population group that's totally into teh backdoorz.
 
Even if the SAN is on a separate non-routable network, would you want poor security on the built-in back door meant for HP service? The article mentions that multiple admins have cracked the hash, and also mentions weak passwords in previous incidences of this.

It begs the question: Do you want to be locked out of your SAN if the personnel with the keys to the kingdom disappear?

In December of 2010 the same backdoor, with the same username and password, was discovered in the HP MSA200 G3 storage arrays. The account and its password were hard-coded, making it impossible for customers to change or delete them, according to a SecurityWeek story at the time.
 
What's the rationale for your argument? Why is the fact that storage array manufacturers can get into the controllers if you supply them with the required information a bad thing?

The problem is that unauthorized access is still technically possible and prevented only by their corporate policies...which they enforce on themselves through the honor system. The problem is that "trust us" is simply not good enough.
 
...and yes, these systems are meant to be isolated from the Internet except when you specifically want support, but knowing the typical use case is no excuse for building in an exploitable vulnerability, especially without adequate disclosure.
 
If this were such a "non-issue" then HP wouldn't have kept it secret. Just because "everyone else is doing it" doesn't make it ok. With that said, I'm 0% surprised.
 
The problem is that unauthorized access is still technically possible and prevented only by their corporate policies...which they enforce on themselves through the honor system. The problem is that "trust us" is simply not good enough.

How is unauthorized access by the vendor possible if the SAN is on a segregated storage network with no physical connection to any network that HP (or anyone other than the IT staff at the organization that bought the SAN) can access?

If this were such a "non-issue" then HP wouldn't have kept it secret.

It's just as much of a secret as the launch sequence to nuclear missiles is a secret. Those who work with it know that it exists, what it's used for, and how it's implemented.

It's sensational journalism that takes an issue that is business as usual in the enterprise storage world and presents it as some conspiracy to the general public which is totally clueless but happy to bandwagon outrage.
 
How is unauthorized access by the vendor possible if the SAN is on a segregated storage network with no physical connection to any network that HP (or anyone other than the IT staff at the organization that bought the SAN) can access?

Sometimes the vendor sends people on-site to repair stuff.
 
Sometimes the vendor sends people on-site to repair stuff.

Seriously? So your argument is that those sent to repair things can access your SAN? Everyone in your storage group has direct access to your SAN as well, everyone in your server group has access to the data on the SAN. Depending on the size of your organization literally thousands of people could just have access to the data on mounted volumes as part of the normal business process. Lots of those people are paid a lot less than the storage vendor tech and have far more incentive/reason to disclose your data.

The storage vendor tech doesn't need the backdoor, odds are you'll issue him an admin account for working on the unit while he's on site.
 
How is unauthorized access by the vendor possible if the SAN is on a segregated storage network with no physical connection to any network that HP (or anyone other than the IT staff at the organization that bought the SAN) can access?

Refer back to post 21. ;)
 
Since 2009? I'd say more like since 1984, when they came up with that horrid OS, HP-(S)UX.

THIS.
Their UNIX OS was crap, their printers are crap, their computers are crap, backdoors on their products...

This is starting to sound like Microsoft's product lineup! :D
 
It's just as much of a secret as the launch sequence to nuclear missiles is a secret. Those who work with it know that it exists, what it's used for, and how it's implemented.

While you have a point, at least people who launch missiles have to earn some security clearance, for whatever that is worth. However I could go work for HP tomorrow, become a tech or whatever, learn the backdoor, leave disgruntled, and start hosing SANs left and right. If I was a missile launch operator, I can guarantee you that if I quit my job, I would have no chance of ever touching a console ever again. Well, not unless I wanted to defect to China or something.
 
However I could go work for HP tomorrow, become a tech or whatever, learn the backdoor, leave disgruntled, and start hosing SANs left and right.

Let's say you leave HP disgruntled today. How are you going to access my SAN tomorrow? It's on an isolated network that you don't have access to unless you work here in the department that has access to it.

If you work here, in the department that has access to it, you don't need to be a former disgruntled HP employee because you already have access just by working here and can hose the SAN without needing a backdoor.
 