Getting to the root of the problem
Several of Seagate's wireless hard disk drives (HDDs) contain multiple vulnerabilities, including "undocumented Telnet services" that hackers could access by using the default credentials of "root" for the username and password of a built-in user account, Cert.org reports.
Once inside, an anonymous hacker would have access to the compromised drive's contents and "unrestricted file download capability" with wireless access. The attacker would be able to directly download files from anywhere on the file system.
The affected hard drives also provide file uploading capabilities with wireless access to the device's /media/sda2 file system, which is reserved for file sharing. So in other words, a hacker could steal your files and replace them with malware, all by using the default "root" password.
Affected wireless models include the Seagate Wireless Plus Mobile Storage line, Seagate Wireless Mobile Storage line, and LaCie FUEL line. At minimum, the above-mentioned vulnerabilities are present in firmware versions 2.2.0.005 and 2.3.0.014, though they could exist in other firmware versions.
That's the bad news. The good news is that Seagate has issued a new firmware release (3.4.1.105) that fixes the security issues. It can be found on Seagate's website.
Follow Paul on Google+, Twitter, and Facebook
From maximumpc
from http://bit.ly/1Os9rjs
