[Discuss] Mothballing Synology NAS

[richard.pieri at gmail.com (Richard Pieri)]

On 2/5/2018 10:30 AM, Joe Polcari wrote:
> I just got an update today which, I think, covers it.

The CVE referenced in the release notes fixes a local privilege
escalation bug in ipesc. The Meltdown/Spectre CVEs are still listed as
"Ongoing" as of this writing:

https://www.synology.com/en-us/support/security/Synology_SA_18_01


On 2/5/2018 9:33 AM, markw at mohawksoft.com wrote:
> This is common across the industry. EMC, Cisco, IBM, and others have
> said basically the same thing. I would dump synology because its
> crap, but not because of that.
My IBM references rank Meltdown/Spectre as "High Severity".

Likewise, my Netapp references rank them as "High Severity".

Cisco (network side) does rank them lower because network gear has a
much smaller attack surface than general purpose computers. The people
on the Unity side rank them much higher.

But then, Synology's failure to take these vulnerabilities seriously
does put them in the "crap" category. :)

-- 
Rich P.