So says security biz in 'share everything to the web' flaw alert
By John Leyden, 13 May 2014 Some personal desktop storage devices are leaking top corporate secrets to the internet – in one case, the designs for a hole-in-the-wall cash machine.That's according to intelligence biz Digital Shadows, which tries to work out how proprietary and personal information accidentally escapes network boundaries.
We're told one particular off-the-shelf network-attached storage (NAS) box grants outside access to its file system without authentication by default.
This "easy share" feature is supposed to make passing information to other users more convenient, although it appears to be a little too convenient: miscreants aware of the "share everything" design flaw are scanning the public internet for vulnerable models, and grabbing sensitive stuff, it's claimed.
It's conceivable that NAS boxes might accidentally face the internet due to lax controls: picture an employee taking his or her work home, and backing up to a personal storage system that can be accessed via their flat's broadband connection.
Off-site contractors could also make the same mistake if their machines are not locked down. There's even the danger of workers using cloud-based storage for back ups, which then leak their contents insecurely. Some desktop drives even mirror their files to the cloud automatically.
Full Article
Looks like nothing is safe and the trend is for an increase in NAS storage device usage especially when marketed under the 'sexy' personal cloud monicker. Think again...and then be very afraid.