Jul 16, 2013

Will HPs practice of installing backdoors in StoreVirtual Storage products harm sales?

HP’s practice of putting hidden admin accounts in it’s enterprise products that allow users to gain root access seems like a bad idea to me. The company says, essentially, don’t worry about it, even with root access gained, the data is not accessible. Maybe not, but how much mayhem could be caused? I’m thinking plenty. I can’t help but think this could cost HP some sales.

HP closes StoreVirtual backdoor, slings key

"Hewlett-Packard has issued a patch for the StoreVirtual vulnerability under which an undocumented factory account existed in a number of products running its LeftHand (or SAN iQ) software older than version 10.5.

The vulnerability was brought to the attention of The Register (and of HP) by blogger Technion, who had earlier pointed out a similar issue in the company's StoreOnce products."

This article at Slashddot explains more about the backdoors if you aren’t familiar with the issue. I would think that it could dissuade some purchasers from HP’s storage devices, especially those most concerned about data integrity. I’m not really sure why HP decided to do this, in particular with enterprise storage, where there is the highest level of concern. Well, I guess it probably makes things easier for HP support, but is that really a good justification for a potentially compromising backdoor? Not to me. I would expect that now that attention is being paid to this, and I don’t know anyone who would view this as a good decision by HP, the company may reconsider this practice. 

Answer this