EMC and VMware Vulnerabilities Come to Light
- 
 While everyone was screaming about Meltdown and Spectre, another urgent security fix was already in progress for many corporate data centers and cloud providers who use products from Dell's EMC and VMware units. A trio of critical, newly reported vulnerabilities in EMC and VMware backup and recovery tools—EMC Avamar, EMC NetWorker, EMC Integrated Data Protection Appliance, and vSphere Data Protection—could allow an attacker to gain root access to the systems or to specific files, or inject malicious files into the server's file system. These problems can only be fixed with upgrades. While the EMC vulnerabilities were announced late last year, VMware only became aware of its vulnerability last week. 
- 
 Backup and recovery tools that is meant to protect us against disaster or whatnot is capable of allowing hackers root access. 
- 
 @black3dynamite said in EMC and VMware Vulnerabilities Come to Light: Backup and recovery tools that is meant to protect us against disaster or whatnot is capable of allowing hackers root access. The issue appears to stem from EMC and VMWare, in the way that the backup solutions are forced to operate. 
- 
 Partly, I'm sure, it stems from the massive complexities of these systems. An advantage to DevOps style backups is how simple they are. So much less to go wrong, because they try to do so much less. 
- 
 @scottalanmiller said in EMC and VMware Vulnerabilities Come to Light: Partly, I'm sure, it stems from the massive complexities of these systems. An advantage to DevOps style backups is how simple they are. So much less to go wrong, because they try to do so much less. What is a DevOps style backups? Using something like rsync? 
- 
 @black3dynamite said in EMC and VMware Vulnerabilities Come to Light: @scottalanmiller said in EMC and VMware Vulnerabilities Come to Light: Partly, I'm sure, it stems from the massive complexities of these systems. An advantage to DevOps style backups is how simple they are. So much less to go wrong, because they try to do so much less. What is a DevOps style backups? Using something like rsync? Rsync could certainly be a tool for that. 
- 
 



