mactron Posted April 8, 2014 Share #1 Posted April 8, 2014 Since DSM 5 uses OpenSSL it is affected by the SSL Heartbleed Bug: http://techcrunch.com/2014/04/07/massiv ... -internet/ So until it's fixed your https connection to your XPEnology DS is not secure and all data could be decrypted (including your credentials). Link to comment Share on other sites More sharing options...
jokies Posted April 8, 2014 Share #2 Posted April 8, 2014 Why Synology have better interface while QNAP sales better? I think now we know why. QNAP QTS is not affected, for your information. Link to comment Share on other sites More sharing options...
crashegg Posted April 9, 2014 Share #3 Posted April 9, 2014 I doubt it, you can check this thread: http://forum.qnap.com/viewtopic.php?f=50&t=92078 In the world, every system running openssl 1.0.1 (which is popular) is affected, except latest 1.0.1g which is released by 4/7. Link to comment Share on other sites More sharing options...
mackevin11 Posted April 9, 2014 Share #4 Posted April 9, 2014 Yes, but popular 'good' sites, like YouTube, Facebook, Apple, ect are not affected. I was planning to do an upgrade to DSM5.1 and this doesn't stop me from doing that. Now I use an http connection which isn't encrypted at all, no problems so far. I think there will maybe be an update soon (DSM5.2 or so?) which will probably fix the 'bug'. Link to comment Share on other sites More sharing options...
mcdull Posted April 10, 2014 Share #5 Posted April 10, 2014 bugfix released for DSM5 Link to comment Share on other sites More sharing options...
mcdull Posted April 10, 2014 Share #6 Posted April 10, 2014 interestingly, I have applied the fix which supposed to fix the openssl bug. After upgrade and restart, when I type openssl version.. it shows:- openssl version OpenSSL 0.9.8v 19 Apr 2012 Link to comment Share on other sites More sharing options...
SK360 Posted April 10, 2014 Share #7 Posted April 10, 2014 interestingly, I have applied the fix which supposed to fix the openssl bug.After upgrade and restart, when I type openssl version.. it shows:- openssl version OpenSSL 0.9.8v 19 Apr 2012 Affected Products: OpenSSL 1.0.1 through 1.0.1f (inclusive) Vendor products with OpenSSL embedded (vendors will be publishing security advisories with patch releases as the week progresses) Non-Affected Products: OpenSSL 1.0.1g, 1.0.0 branch and 0.9.8 branch So you are fine. Link to comment Share on other sites More sharing options...
setch Posted April 10, 2014 Share #8 Posted April 10, 2014 interestingly, I have applied the fix which supposed to fix the openssl bug.After upgrade and restart, when I type openssl version.. it shows:- openssl version OpenSSL 0.9.8v 19 Apr 2012 I have just updated and it is showing the version as "OpenSSL 1.0.1g-fips 7 Apr 2014" setch Link to comment Share on other sites More sharing options...
klar123 Posted April 10, 2014 Share #9 Posted April 10, 2014 interestingly, I have applied the fix which supposed to fix the openssl bug.After upgrade and restart, when I type openssl version.. it shows:- openssl version OpenSSL 0.9.8v 19 Apr 2012 I have just updated and it is showing the version as "OpenSSL 1.0.1g-fips 7 Apr 2014" setch Did you setup it by IPKG? IPKG openSSL version is 0.9.8v-2. Link to comment Share on other sites More sharing options...
wenlez Posted April 10, 2014 Share #10 Posted April 10, 2014 Why Synology have better interface while QNAP sales better? I think now we know why.QNAP QTS is not affected, for your information. QNAP has much better packages, such as SuperMarioBros, VirtualBox, MongoDB.... etc. Link to comment Share on other sites More sharing options...
Recommended Posts