Why aren’t there more people expressing their dissatisfaction over WD’s responsiveness to this issue???
All we get from them is “I don’t know” & “I’m sure they’re working on it”.
It has now been 2 months since this issue came into the spotlight and WD’s last comment about this dates to over one month ago.
Take a look at how a competitor to WD (in the Network Attached Storage space) acknowledges this problem and how quickly they came out with a resolution:
Security Bulletins and Advisories
The main vulnerabilities that are involved here (the Bash vulnerabilities, otherwise known as “Shellshock” and “Aftershock”) are CVE-2014-6271 and CVE-2014-7169. You can see them in QNAP’s list under dates Sept 29, 2014 & Oct 5, 2014.
QNAP has even gone so far as to release a malware remover for their devices:
Protect Your Turbo NAS from Malware – Malware Remover.
I had a sales representative in a computer store the other day describe WD’s NAS solutions as “NAS with Training Wheels”. I didn’t believe him at first, but after having taken a good hard look at things, I think that WD’s responsiveness in this situation is completely lacking.
I really hope that owners of these devices will educate themselves about this issue. Here are some articles that I have found which elaborate on the problem and talk about how badly NAS devices have been impacted:
What ‘Shellshock’ means to you and me
The Shellshock Aftershock for NAS Administrators.