HP admits to backdoors in storage products

1. SSH to the box<p>2. Username: hpsupport<p>3. Password (from SHA1 lookup): badg3r5<p>Yes that shit.<p>We have some of this kit in and I&#x27;ve tested it and it works absolutely spot on. Fortunately it&#x27;s all firewalled off but it&#x27;s not the sort of crap you want on your doorstep.<p>Nothing to do with the NSA this - just a crappy decision somewhere which is designed to make HP support&#x27;s life easier. As someone else said: this bug is as old as time.

I just don&#x27;t understand why companies are still pulling this crap. It puts their customers at risk.

Misleading article title. (What better to expect from The Register?) HP admitted there&#x27;s a vulnerabiity that with customer provided access and permission can allow HP support to access underlying os of the storage device. At most a reboot is possible not data access. So this is just another stupid vulnerability that&#x27;ll be fixed soon - not a backdoor.

Sadly our parent company uses HP to handle all security and computer support&#x2F;installation. Around here they are known as Helpless People.

HP nicely covering their ass to not get associated with the NSA scandal happening at the moment. I don&#x27;t know if the fact that they are trying so hard is an indication that they actually are but this is suspicious.

this keeps getting better and better

Looks more like name&#x2F;brand smearing to me (from the competition?). Especially convenient in the midst of the NSA scandal.