![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
thewayneFirst up, HP. Seems like they think their customers might enjoy a bit of spontaneous laptop combustion. They're having a problem with some of their laptop batteries bursting in to flames. Their solution is to issue a BIOS patch that will drain the battery and then prevent it from charging, then to replace the battery.
From the web site: "Batteries affected by this program were shipped with specific HP Probook 64x (G2 and G3), HP ProBook 65x (G2 and G3), HP x360 310 G2, HP ENVY m6, HP Pavilion x360, HP 11 notebook computers and HP ZBook (17 G3, 17 G4, and Studio G3) mobile workstations sold worldwide from December 2015 through December 2017. They were also sold as accessories or provided as replacements through HP or an authorized HP Service Provider."
These laptops do not have user-replaceable batteries, the case has to be opened up. I've done that many times, but most people shouldn't do that.
https://batteryprogram687.ext.hp.com/en-US/
Next, Western Digital. Seems they hardcoded an admin account and password into their internet-enableable NAS devices, and it would be pretty simple for an attacker to manipulate a web site to include hidden iframes to access your data. A firmware patch is available, and you should disconnect your NAS from the internet until after you've patched.
From the article: "If you aren't sure if your My Cloud Storage device is affected, please check against the below list. If your model is listed, you should unplug it from Ethernet immediately. Apparently, firmware 2.30.172 (issued November 2017) fixes the bug, so do not reconnect to the internet until you are sure that your device is updated and the vulnerability is patched.
MyCloud
MyCloudMirror
My Cloud Gen 2
My Cloud PR2100
My Cloud PR4100
My Cloud EX2 Ultra
My Cloud EX2
My Cloud EX4
My Cloud EX2100
My Cloud EX4100
My Cloud DL2100
My Cloud DL4100
Please know, even if you updated the firmware in November, your files could have been accessed by nefarious people before then -- for years. That is very scary."
If you want to test it, the username is "mydlinkBRionyg" and the password is "abc12345cba", without quotes. The back door vulnerability was disclosed to Western Digital six months ago and nothing was done.
https://betanews.com/2018/01/07/western-digital-mycloud-backdoor/
Finally, Apple has released an iOS update to address the Meltdown and Spectre vulnerabilities, possibly also their little battery life slowdown kerfuffle. It's a full-size download, 2.something gig, so expect a long time installing.
From the web site: "Batteries affected by this program were shipped with specific HP Probook 64x (G2 and G3), HP ProBook 65x (G2 and G3), HP x360 310 G2, HP ENVY m6, HP Pavilion x360, HP 11 notebook computers and HP ZBook (17 G3, 17 G4, and Studio G3) mobile workstations sold worldwide from December 2015 through December 2017. They were also sold as accessories or provided as replacements through HP or an authorized HP Service Provider."
These laptops do not have user-replaceable batteries, the case has to be opened up. I've done that many times, but most people shouldn't do that.
https://batteryprogram687.ext.hp.com/en-US/
Next, Western Digital. Seems they hardcoded an admin account and password into their internet-enableable NAS devices, and it would be pretty simple for an attacker to manipulate a web site to include hidden iframes to access your data. A firmware patch is available, and you should disconnect your NAS from the internet until after you've patched.
From the article: "If you aren't sure if your My Cloud Storage device is affected, please check against the below list. If your model is listed, you should unplug it from Ethernet immediately. Apparently, firmware 2.30.172 (issued November 2017) fixes the bug, so do not reconnect to the internet until you are sure that your device is updated and the vulnerability is patched.
MyCloud
MyCloudMirror
My Cloud Gen 2
My Cloud PR2100
My Cloud PR4100
My Cloud EX2 Ultra
My Cloud EX2
My Cloud EX4
My Cloud EX2100
My Cloud EX4100
My Cloud DL2100
My Cloud DL4100
Please know, even if you updated the firmware in November, your files could have been accessed by nefarious people before then -- for years. That is very scary."
If you want to test it, the username is "mydlinkBRionyg" and the password is "abc12345cba", without quotes. The back door vulnerability was disclosed to Western Digital six months ago and nothing was done.
https://betanews.com/2018/01/07/western-digital-mycloud-backdoor/
Finally, Apple has released an iOS update to address the Meltdown and Spectre vulnerabilities, possibly also their little battery life slowdown kerfuffle. It's a full-size download, 2.something gig, so expect a long time installing.
