Storage

01:55 AM
Connect Directly
RSS
E-Mail
50%
50%

Tempest in a Tape Encryptor

NeoScale accuses rival Decru of scare tactics in publicizing CERT advisory

NeoScale downplayed a vulnerability note issued by the U.S. Computer Emergency Readiness Team (CERT), saying it already fixed the problem and accused a rival of exaggerating the risk.

CERT's warning this week detailed a flaw in the authentication process of NeoScale Systems CryptoStor 700 tape encryption appliances. NeoScale CEO Barbara Nelson dashed off a note to media and analysts today saying the vendor fixed the problem in the latest version of its firmware released this month and blamed competitor Decru for sending out misleading information to scare off customers. The CERT note confirmed that NeoScale's latest release addresses the vulnerability.

Decru, a division of Network Appliance, and NeoScale are the major tape encryption appliance vendors. (See Review: Tape Encryption Devices and NetApp Buys Decru.)

CERT, part of the U.S. Department of Homeland Security, collects and manages computer security threats.

"CERT characterized this vulnerability as one that could allow a malicious user to bypass additional two-factor authentication if [her emphasis] they had knowledge of a security officer's user ID and password," Nelson said in her letter.

Previous
1 of 5
Next
Comment  | 
Print  | 
More Insights
Cartoon
Hot Topics
6
The Rise Of White-Box Storage
Jim O'Reilly, Consultant,  8/27/2014
White Papers
Register for Network Computing Newsletters
Current Issue
Video
Slideshows
Twitter Feed