Storage

01:55 AM
Connect Directly
RSS
E-Mail
50%
50%

Tempest in a Tape Encryptor

NeoScale accuses rival Decru of scare tactics in publicizing CERT advisory

NeoScale downplayed a vulnerability note issued by the U.S. Computer Emergency Readiness Team (CERT), saying it already fixed the problem and accused a rival of exaggerating the risk.

CERT's warning this week detailed a flaw in the authentication process of NeoScale Systems CryptoStor 700 tape encryption appliances. NeoScale CEO Barbara Nelson dashed off a note to media and analysts today saying the vendor fixed the problem in the latest version of its firmware released this month and blamed competitor Decru for sending out misleading information to scare off customers. The CERT note confirmed that NeoScale's latest release addresses the vulnerability.

Decru, a division of Network Appliance, and NeoScale are the major tape encryption appliance vendors. (See Review: Tape Encryption Devices and NetApp Buys Decru.)

CERT, part of the U.S. Department of Homeland Security, collects and manages computer security threats.

"CERT characterized this vulnerability as one that could allow a malicious user to bypass additional two-factor authentication if [her emphasis] they had knowledge of a security officer's user ID and password," Nelson said in her letter.

Previous
1 of 5
Next
Comment  | 
Print  | 
More Insights
Hot Topics
11
Fall IT Events: On The Road Again With 10 Top Picks
James M. Connolly, Editor in Chief, The Enterprise Cloud Site,  7/29/2014
White Papers
Register for Network Computing Newsletters
Cartoon
Current Issue
Video
Slideshows
Twitter Feed