Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Tempest in a Tape Encryptor

NeoScale downplayed a vulnerability note issued by the U.S. Computer Emergency Readiness Team (CERT), saying it already fixed the problem and accused a rival of exaggerating the risk.

CERT's warning this week detailed a flaw in the authentication process of NeoScale Systems CryptoStor 700 tape encryption appliances. NeoScale CEO Barbara Nelson dashed off a note to media and analysts today saying the vendor fixed the problem in the latest version of its firmware released this month and blamed competitor Decru for sending out misleading information to scare off customers. The CERT note confirmed that NeoScale's latest release addresses the vulnerability.

Decru, a division of Network Appliance, and NeoScale are the major tape encryption appliance vendors. (See Review: Tape Encryption Devices and NetApp Buys Decru.)

CERT, part of the U.S. Department of Homeland Security, collects and manages computer security threats.

"CERT characterized this vulnerability as one that could allow a malicious user to bypass additional two-factor authentication if [her emphasis] they had knowledge of a security officer's user ID and password," Nelson said in her letter.

  • 1