SoylentNews is people
SoylentNews
from the would-you-like-the-good-or-bad-news? dept.
Update: Western Digital announced its acquisition of SanDisk on Wednesday for $86.50 per share, or about $19 billion.
Bloomberg reports that hard disk drive maker Western Digital (WD) is considering purchasing SanDisk Corp. for between $80 and $90 a share, or around $17-18 billion.
A merger would give WD access to SanDisk's NAND flash chip foundry deal with Toshiba and make WD an instant competitor in the solid-state drive market. As we reported last week, SanDisk is also partnering with Hewlett-Packard on Storage-Class Memory (SCM), a post-NAND competitor to Intel and Micron's 3D XPoint offering.
After three years of delay, Chinese trade regulator MOFCOM has approved WD's integration with HGST. The two businesses will be required to keep product brands and sales teams separate for two more years, but can begin "combining operations and sharing technology," such as HGST's helium-filled 7-platter hard drives. $400 million in annual operating expenses could be reduced by the integration.
WD can be expected to include helium-filled hard drives in its product lineup imminently. If WD merges with SanDisk, we may also see the inclusion of more large NAND flash caches in the form of hybrid hard drive (HHD/SSHD) products. The Xbox One Elite Bundle ships with a 1 terabyte SSHD, and Seagate recently released a 4 terabyte desktop SSHD.
It's not all good news for Western Digital this week. Security researchers have just disclosed multiple vulnerabilities in WD's "My Passport" and "My Book" self-encrypting hard drives that allow encryption to be bypassed.
mendax writes:
"Totally uselsss", the article from El Reg dubs it:
WD's My Passport boxes automatically encrypt data as it is written to disk and decrypt the data as it is read back to the computer. The devices use 256-bit AES encryption, and can be password-protected: giving the correct password enables the data to be successfully accessed.
Now, a trio of infosec folks – Gunnar Alendal, Christian Kison and "modg" – have tried out six models in the WD My Passport family, and found blunders in the designs.
For example, on some models, the drive's encryption key can be brute-forced, which is bad news if someone steals the drive: decrypting it is child's play. And the firmware on some devices can be easily altered, allowing an attacker to silently compromise the drive and its file systems. [...]
"In addition to this, other security threats are discovered, such as easy modification of firmware and on-board software that is executed on the user's PC, facilitating evil maid and badUSB attack scenarios, logging user credentials, and spreading of malicious code."
My Passport models using a JMicron JMS538S micro-controller have a pseudorandom number generator that is not cryptographically safe, and only cycles through a series of 255 32-bit values. This generator is used to create the data encryption key, and the drive firmware leaks enough information for this key to be recreated by brute-force, we're told.
"An attacker can regenerate any DEK [data encryption key] generated from this vulnerable setup with a worst-case complexity of close to 240,"....
The paper that describes their exploit can be found here.
(Score: 0) by Anonymous Coward on Wednesday October 21 2015, @05:30PM
WD QC is shit. Are they still hemorrhaging big accounts due to the garbage they shipped this past year?
(Score: 2) by takyon on Thursday October 22 2015, @12:28AM
WD or Seagate?
https://www.backblaze.com/blog/3tb-hard-drive-failure/ [backblaze.com]
There is no reliable hard disk drive these days. Maybe HAMR will improve things over PMR, maybe not.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 0) by Anonymous Coward on Thursday October 22 2015, @01:22AM
When you get your (multi-)TB hdd, run a thorough test first - there is a Linux utility that writes and read back the entire disk a few times with multiple patterns. It will last a couple days to complete.
Even that's no guarantee though. A disc failed after a few month even though it passed the test initially.
(Score: 1, Insightful) by Anonymous Coward on Wednesday October 21 2015, @06:08PM
Can it even be called encryption if the end user hasn't got full authority over the key?
(Score: 2) by Nerdfest on Wednesday October 21 2015, @06:34PM
It can, although ROT13 can also be called encryption. As they say, security is hard, but in most cases problems occur because people try to "roll their own" rather than using reference implementations. Most of these common problems have been solved quite well if you take the time to research a bit.
(Score: 2) by frojack on Wednesday October 21 2015, @10:03PM
I suspect It is meant to serve the purpose of data protection in the case of theft. That's really all.
I have no doubt that they (WD) would cough up the key to any police agency that asked.
No, you are mistaken. I've always had this sig.
(Score: 3, Interesting) by Rich on Wednesday October 21 2015, @08:03PM
As the resident nerd, I recently was asked to have a look at a dead external hard drive (return favours were negotiated). The device in question was some 3.5" external USB drive from WD. Probably something with "Passport". IIRC, I was told that the drive was dropped. When plugged in, it seemed to spin up and do a few seeks, which sounded very much like a successful startup routine and self test. But it didn't register at the desktop at all. A look into "dmesg" revealed an error: "Logical unit access not authorized".
Even an extensive search on the net left me none the wiser. If it was something possibly useful, WD should have it documented so it can be found. I suspect it might have something to with locking in the drive with its enclosure. Anyway, I handed the drive back and told them to throw it away or have it sorted with WD and/or their Windows-only maintenance software. I definitely wouldn't want to deal with such a situation myself. Because WD already had past sins booked on their account when they even refused to name the spindle speed of some new series, they're out of cred with me now.
Pity that we can expect SanDisk, which always was a "better safe than sorry" choice for solid storage, to pull stupid tricks like the above too.
PS: Just out of curiosity: Does anyone happen to know what this "authorization" logic is supposed to do and how it precisely works?
(Score: 3, Informative) by jmorris on Wednesday October 21 2015, @09:58PM
Have you looked into the ATA Security thing that all laptops/drives implement?
Man 8 hdparm and look for "ATA Security Feature Set"
Good luck figuring out what password they use though.
(Score: 1) by throwaway28 on Thursday October 22 2015, @07:42AM
FYI, an easy way to get encrypted block devices on linux, is
I began using this command in 2009; though d41d8cd98f00b204e9800998ecf8427e is /NOT/ my password.