- Jan 4, 2008
Given the numerous known and unaddressed QNAP failures (in other words 'non-anecdotal'), alternatives that work are to be solicited. So thank you!I had a QNAP system but it failed on me so I switched to Synology DS412+ and never looked back. Has worked great for over a decade with no issues. Of course, this is all just one anecdotal account and it should be viewed as such.
Turns out Mr. Gibson added one MORE comment in his latest podcast just yesterday:
QNAP I don’t like QNAP. I’ve said it before but, sadly, it’s worth reminding everyone due to recent events. At this point I’m pretty sure that I will never like nor recommend the use of QNAP’s products for any purpose... and I’d recommend this as a general policy.
Time and again the company has demonstrated itself to be too irresponsible. They have a well established track record of ignoring security researcher’s reports until their users are struck with disaster.
Nor do they fess up when they’re confronted. They obliquely refer to an “Improper Authorization Vulnerability in HBS 3” (which is their Hybrid Backup Sync offering). And it certainly is.
But it would be more correctly described as yet another hardcoded firmware backdoor credential that was discovered, as they will all inevitably be, and has been widely exploited by multiple breeds of ransomware which is now competing to see which can get in first to encrypt all of a user’s data.
Despite only asking 500 USD equivalent in bitcoin for decryption, there’s clearly no safe way to have any QNAP device publicly exposed to the Internet.
And QNAP themselves have begun recommending that their own users should not run on the default port 8080, but should attempt to hide their services elsewhere among the 65 thousand other ports because... that’s right... If you can’t make it secure, then at least make it obscure.
No thank you.