After the last month or so with the unveiling of the NSA PRISM system from Edward Snowden, as well as GCHQ, you'd think people would be up in arms over their security. How deep does the rabbit hole go, you ask?
Well, it's now coming to the point where Hewlett-Packard have had to admit, for the second time in a month, that they've built secret backdoors into their enterprise storage products. Technion, a blogger, is the one who has blown the whistle on this one, who saw the security issue in one of HP's StoreOnce systems last month, but then found more backdoors in HP's storage and SAN products.
HP's statement, after Technion blew the whistle, admitted that "all HP StoreVirtual Storage systems are equipped with a mechanism that allows HP support to access the underlying operating system if permission and access is provided by the customer."
HP says that the backdoors are only usable with the permission of the customer - yeah, right - but that restriction is part of the company's own customer service rules and not a limitation built into the use of backdoors. There is a hidden administrator account with root access to HP's StoreVirtual systems and software. Not only that, but a separate copy of the LeftHand OS, which is the software that runs HP's StoreVirtual and HP P4000 products.
The root access reportedly doesn't give the user (or hacker) access to data stored on HP machines, but this is according to HP. My personal opinion, given the mind-blowing unloading of spying we've all had to come to terms with from government agencies and corporations, I wouldn't believe a thing HP are saying right now regarding users' data.
You can read more on this at the source.