Heartbleed OpenSSL

We have all read about this bug.  Many of us have also read that the fix has been available for some time now.  (Upgrade  Openssl)

While I would love to have additional features, or some of the other bugs fixed in the next release of firmware for our devices, I do NOT want to wait for testing and acceptance of any additional improvements.  My device is now offline, and I need to be able to put it back online ASAP. 

Please WD, just push the new version of OpenSSL out so we can upgrade and get our devices safely back online. 

This should be viewed internally and externally as an opportunity for WD to shine by reacting quickly to a bad situation that was no fault of WD or its engineers/developers.  If you drag your feet on this is will hurt your image as a premier storage solutions provider in the SOHO community. 

I have always had great results from WD products and I hope WD doesnt allow this event to change the opinion of mine and others.

Regards,

GH

They do have a note at the top of every sub-forum (board) page saying they are working on releasing a heartbleed patch quickly. Until then, the only thing you are vulnerable to is the remote access directly via the web and you can turn that off and still use their mycloud relay service to connect to your EX2, without any risk. FTP and WebDAV access are also heartbleed-free options that you may want to look into.

I am using the instructions per WD’s official statement.  The following is one line from their instructions;

“Cloud Access will now show the toggle button to be set to Off , and the Connection Status will have changed to Disabled. WD2go and WDMyCloud remote access has now been successfully disabled.”

Doing WD’s instructions to protect your drive from this bug definitely removes remote access which is a very important feature of the EX2.  We need to see a fix ASAP.

Hmm…my error then. I thought the relay service via WD2go would still work. I agree a heart bleed fix should be provided quickly. But at the same time, you do realize how small the possibility is of hackers scanning every IP of home users to spot such a vulnerability, don’t you?

Certainly, very small possibility.  However, if you kept all of your money in your house instead of the bank, would you leave your door unlocked because there was a very low possbility that someone would actually come in and steal it?  I consider my data to be extremely valuable, I dont want to take any chance that a random scan would gain access to my data.

The wait for this patch shouldn’t last too long…hopefully. If it takes more than another 7-8 days (because they have to QA the changes lest it breaks something else…though in theory it shouldn’t), I’d think the risk starts to go up. I am glad I rely on ftp and sftp rather than https for file transfers.

They just released the fix for the EX4 yesterday, hopefully the fix for the EX2 will be here very soon.

Yep…I am hoping the same after I saw that news this morning.

Definitely not feeling the love…  It seems WD is going to take their time getting an update out for the EX2.  NOT COOL.

I agree. Appears they have released fix for EX4 and for regular My Cloud but we are still waiting. Not too happy about this. I hope we get it by the end of this week at the latest.

It’s been released just now.

1 Like