Even with root access, the secret admin account does not give support techs or hackers access to data stored on the HP machines, according to the company. But it does provide enough access and control over the hardware in a storage cluster to reboot specific nodes, which would “cripple the cluster,” according to information provided to The Register by an unnamed source.
The account also provides access to a factory-reset control that would allow intruders to destroy much of the data and configurations of a network of HP storage products. And it’s not hard to find: “Open up your favourite SSH client, key in the IP of an HP D2D unit. Enter in yourself the username HPSupport, and the password which has a SHA1 of 78a7ecf065324604540ad3c41c3bb8fe1d084c50. Say hello to an administrative account you didn’t know existed,” according to Technion, who claims to have attempted to notify HP for weeks with no result before deciding to go public.
The hash hiding the login “is easily brute-forced,” according to Technion, who noted in a later blog that more than 55 users have separately notified him they’d broken the hash. The backdoors are hidden in versions of the LeftHand OS v. 9.0 and higher. They have existed since at least 2009, according to The Register.
- McDonald’s ketchup cups are expandable
- The Unlikely Tale of a Letter Called “Thorn”
- Bjarkan + Haglaz = Bluetooth
This is a list of extreme points of Earth, the points that are farther north, south, east or west than, higher or lower in altitude than, or farthest inland or out to sea from, any other locations on the landmasses, continents or countries.
— Bytemark Hosting (@bytemark) June 29, 2013
A warrant canary is a method used by an Internet service provider to inform its customers that the provider has not been served with a secret government subpoena. Such subpoenas, including those covered under the USA Patriot Act, provide criminal penalties for revealing the existence of the warrant to any third party, including the service provider’s customers. A warrant canary may be posted by the provider to inform customers of dates that they haven’t been served a secret subpoena. If the canary has not been updated in the time period specified by the host, customers are to assume that the host has been served with such a subpoena. The intention is to allow the provider to inform customers of the existence of a subpoena passively, without violating any laws. The legality of this method has not been tested in any court.
The idea of using negative pronouncements to thwart secret warrants was first proposed by Steven Schear on the cypherpunks mailing list, and was first implemented by public libraries in response to the USA Patriot Act.
The first commercial use of a warrant canary was by rsync.net. In addition to a digital signature, they provide a recent news headline as proof that the warrant canary was recently posted as well as mirroring the posting internationally.
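How a customer might evaluate such a canary, as an added example that is not from the original page or from any provider named here. The text layout, field names and the three-day headline tolerance are assumptions made for illustration, and the digital signature is assumed to have been verified separately.

```python
import re
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed sample canary; this field layout is an assumption for the example.
SAMPLE = """\
Warrant canary for example-host.invalid
Issued: 2013-06-24
Next update due within: 7 days
No warrants have been served on us as of the issue date.
Headline (2013-06-23): Constructed headline used as proof of recency
"""

@dataclass
class Canary:
    issued: date            # date the provider says the statement was posted
    period: timedelta       # update interval promised by the provider
    headline_date: date     # publication date of the embedded news headline

def parse_canary(text):
    issued = re.search(r"^Issued: (\d{4}-\d{2}-\d{2})$", text, re.M)
    period = re.search(r"^Next update due within: (\d+) days$", text, re.M)
    headline = re.search(r"^Headline \((\d{4}-\d{2}-\d{2})\): \S", text, re.M)
    if not (issued and period and headline):
        raise ValueError("canary is missing a required field")
    return Canary(date.fromisoformat(issued[1]),
                  timedelta(days=int(period[1])),
                  date.fromisoformat(headline[1]))

def evaluate(canary, today, max_headline_age=timedelta(days=3)):
    # A signature shows who wrote the statement, not when. The headline bounds
    # the creation time from below, so a stale headline suggests a pre-made canary.
    if canary.issued > today:
        return "invalid: issued in the future"
    if canary.headline_date > canary.issued:
        return "invalid: headline postdates issue date"
    if canary.issued - canary.headline_date > max_headline_age:
        return "suspect: headline too old, may have been prepared in advance"
    if today - canary.issued > canary.period:
        return "expired: assume a subpoena was served"
    return "current"

if __name__ == "__main__":
    print(evaluate(parse_canary(SAMPLE), date(2013, 6, 29)))
```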
Paperless office/household, anyone?
The price of printers and related accessories could rise in the future as print giants such as HP, Canon and Fujitsu face the prospect of huge payments to copyright holders for selling devices that allow such works to be reproduced.
A ruling from the European Court of Justice (ECJ) agreed that all printers that facilitate the reproduction of copyrighted works, by being connected to a computer, are liable for financial levies.
However, UK businesses might avoid any printing price increases, at least in the short-term, as the nation approaches copyright law differently to other European countries.
Vanessa Barnett, technology and media lawyer at law firm Charles Russell LLP, told V3 that the UK does not have a private copying permission under copyright law, which is the basis for the levy system existing in many other countries.
"The levy system is essentially a way to compensate copyright owners for private copying by placing a levy on items which are used to copy. [Outside of the UK] this obviously has cost consequences for suppliers and users," Barnett said. "But the UK shouldn’t feel too smug: the possibility of a levy system in the UK still does rear its head every now and then. It’s particularly relevant right now, because of the push in the UK for a private copying right to be introduced into UK law. If that does happen, a levy may not be far behind."
The ruling was made by the court at the request of the German Court of Justice for clarification on a case brought by publisher VG Wort against Canon, Epson, Fujitsu, HP and Xerox on the issue of payments for its copyright works that their printers allow to be reproduced in private.
“It is open to the member states to put in place a system in which the fair compensation is paid by the persons in possession of a device contributing, in a non-autonomous manner, to the single process of reproduction of the protected work or other subject-matter on the given medium,” the EU ruling reads.
In reality, this means printer companies will assimilate the levy into their pricing at the point of sale, thereby increasing the price of their goods, such as printers or printer ink, in a move that is likely to lead to higher prices for consumers and businesses alike.
Furthermore, because the decision has been handed down from the ECJ and is binding across all member states, it opens up the possibility for all copyright holders to demand levies from printer companies. The potential costs to the affected IT firms could be huge, forcing printing prices to rise significantly.
HP told V3 it would comply with the EU copyright rules, but declined to comment on whether this would lead to price rises. "We believe HP’s printing systems provide the best overall value by offering customers an unrivaled combination of quality, reliability, speed and ease of use at competitive prices. We will continue to aim to protect our customers’ interests and the value we offer while diligently complying with European copyright framework," the firm said.
AltaVista; I liked it so much that I ~~stole the graphics~~ took inspiration from it when building Sun’s first internal search engine:
Goodbye AltaVista. You deserved better than this. Better than the one-sentence send-off Yahoo gave you today, when announcing your July 8 closure date. But then again, you always were the bright child neglected by your parents.
The Amazing AltaVista
You appeared on the search engine scene in December 1995. You made us go “woah” when you arrived. You did that by indexing around 20 million web pages, at a time when indexing 2 million web pages was considered to be big.
Today, of course, pages get indexed in the billions, the tens of billions or more. But in 1995, 20 million was huge. Existing search engines like Lycos, Excite & InfoSeek (to name only a few) didn’t quite know what hit them. With so many pages, you seemed to find stuff they and others didn’t.
As a result, you were a darling of reviews and word-of-mouth praise. You grew in popularity. In fact, I’d say you were the Google of your time, but it would be more accurate to say Google was the AltaVista of its time. That’s because Google didn’t even exist when you were ascendant. That’s also because you helped pave some of the way for Google.
It was a brief ascendency, however. You were headed upward, but your parent, Digital Equipment, didn’t quite know what to do with you. You started out as an experiment, and then got used as a poster child for Digital to prove why companies should buy super-computers.
continues at: A Eulogy For AltaVista, The Google Of Its Time.