Pulled the power on my Iomega Home Media Network Hard Drive last
night as it and the Raspberry had left redundant SMB sessions.

Checking my email this morning I find one from
" telling me that the NAS "was shut down
improperly".

Looking at that email header the NAS has sent some information
(perhaps only the email) to some place in the internet that has then
relayed it back to me. WTF! If it's doing that what else is it doing,
without me knowing?

About to dive into the config but I bet you can't tell it what mail
server to use. I like things to email me when they have a problem but
there is no need to let some unknown 3rd party know as well. Grrr...

--
Cheers
Dave.

In article o.uk,
"Dave Liquorice" writes:
Pulled the power on my Iomega Home Media Network Hard Drive last
night as it and the Raspberry had left redundant SMB sessions.

Checking my email this morning I find one from
" telling me that the NAS "was shut down
improperly".

Looking at that email header the NAS has sent some information
(perhaps only the email) to some place in the internet that has then
relayed it back to me. WTF! If it's doing that what else is it doing,
without me knowing?

About to dive into the config but I bet you can't tell it what mail
server to use. I like things to email me when they have a problem but
there is no need to let some unknown 3rd party know as well. Grrr...

Quite common with appliance-type computers.
I think all the security camera recorders do this.
Its not necessarily with any evil intention, but the security
design in these appliances is often non-existant, and accidentally
provides a backdoor past your firewall from which both the appliance
and other items on your network can be accessed remotely.

--
Andrew Gabriel
[email address is not usable -- followup in the newsgroup]

Also I was querying why our office which uses bt as its email provider
hasLive mail set up to pump all the email into Microsofts servers, then back
out again.
Are BT now using Microsoft servers?
Brian

--
From the Sofa of Brian Gaff Reply address is active
"Andrew Gabriel" wrote in message
...
In article o.uk,
"Dave Liquorice" writes:
Pulled the power on my Iomega Home Media Network Hard Drive last
night as it and the Raspberry had left redundant SMB sessions.

Checking my email this morning I find one from
" telling me that the NAS "was shut down
improperly".

Looking at that email header the NAS has sent some information
(perhaps only the email) to some place in the internet that has then
relayed it back to me. WTF! If it's doing that what else is it doing,
without me knowing?

About to dive into the config but I bet you can't tell it what mail
server to use. I like things to email me when they have a problem but
there is no need to let some unknown 3rd party know as well. Grrr...

Quite common with appliance-type computers.
I think all the security camera recorders do this.
Its not necessarily with any evil intention, but the security
design in these appliances is often non-existant, and accidentally
provides a backdoor past your firewall from which both the appliance
and other items on your network can be accessed remotely.

--
Andrew Gabriel
[email address is not usable -- followup in the newsgroup]

On 23/06/2014 08:47, Dave Liquorice wrote:
Pulled the power on my Iomega Home Media Network Hard Drive last
night as it and the Raspberry had left redundant SMB sessions.

Checking my email this morning I find one from
" telling me that the NAS "was shut down
improperly".

Looking at that email header the NAS has sent some information
(perhaps only the email) to some place in the internet that has then
relayed it back to me. WTF! If it's doing that what else is it doing,
without me knowing?

About to dive into the config but I bet you can't tell it what mail
server to use. I like things to email me when they have a problem but
there is no need to let some unknown 3rd party know as well. Grrr...


Some NAS boxes have the option of using an "internal" email system for
replaying messages - it saves the user needing to setup details of an
SMTP server and knowing the credentials etc. These do indeed send out to
a preconfigured email server for relaying.


--
Cheers,

John.

/================================================== ===============\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\================================================= ================/

On 23/06/2014 09:59, Andrew Gabriel wrote:
In article o.uk,
"Dave Liquorice" writes:
Pulled the power on my Iomega Home Media Network Hard Drive last
night as it and the Raspberry had left redundant SMB sessions.

Checking my email this morning I find one from
" telling me that the NAS "was shut down
improperly".

Looking at that email header the NAS has sent some information
(perhaps only the email) to some place in the internet that has then
relayed it back to me. WTF! If it's doing that what else is it doing,
without me knowing?

About to dive into the config but I bet you can't tell it what mail
server to use. I like things to email me when they have a problem but
there is no need to let some unknown 3rd party know as well. Grrr...

Quite common with appliance-type computers.
I think all the security camera recorders do this.
Its not necessarily with any evil intention, but the security
design in these appliances is often non-existant, and accidentally
provides a backdoor past your firewall from which both the appliance
and other items on your network can be accessed remotely.


Why would *sending* an email open up any incoming holes?

My security cameras don't do that, they actually have the server
settings for my isp set up to send emails. They have to log in before
they can send.

On 23/06/2014 20:12, Dennis@home wrote:
On 23/06/2014 09:59, Andrew Gabriel wrote:
In article o.uk,
"Dave Liquorice" writes:
Pulled the power on my Iomega Home Media Network Hard Drive last
night as it and the Raspberry had left redundant SMB sessions.

Checking my email this morning I find one from
" telling me that the NAS "was shut down
improperly".

Looking at that email header the NAS has sent some information
(perhaps only the email) to some place in the internet that has then
relayed it back to me. WTF! If it's doing that what else is it doing,
without me knowing?

About to dive into the config but I bet you can't tell it what mail
server to use. I like things to email me when they have a problem but
there is no need to let some unknown 3rd party know as well. Grrr...

Quite common with appliance-type computers.
I think all the security camera recorders do this.
Its not necessarily with any evil intention, but the security
design in these appliances is often non-existant, and accidentally
provides a backdoor past your firewall from which both the appliance
and other items on your network can be accessed remotely.


Why would *sending* an email open up any incoming holes?

My security cameras don't do that, they actually have the server
settings for my isp set up to send emails. They have to log in before
they can send.

I suspect Andrew's comments were not specifically email related, and
more internet appliance related in general.

For example lots of security cameras have server capabilities that allow
(theoretically just) their owner to login remotely and see what is going
on. Needless to say this encourages people to create a port forward
through their firewall to facilitate this. Alas many have a reputation
for allowing all manner of exploits to be vectored via them from their
trusted position inside the perimeter defence of most people's networks.

--
Cheers,

John.

/================================================== ===============\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\================================================= ================/

On Mon, 23 Jun 2014 13:14:10 +0100, Brian Gaff wrote:

Also I was querying why our office which uses bt as its email provider
hasLive mail set up to pump all the email into Microsofts servers, then
back out again.

NSA/GCHQ ... B-)

Are BT now using Microsoft servers?

*Retail* BT used to use Yahhoo! but switched a while back to a
provider also based in the US. Not bothered to look at who owns
them...

--
Cheers
Dave.

On Mon, 23 Jun 2014 17:19:54 +0100, John Rumm wrote:

Looking at that email header the NAS has sent some information
(perhaps only the email) to some place in the internet that has
then
relayed it back to me. WTF! If it's doing that what else is it
doing,
without me knowing?

Some NAS boxes have the option of using an "internal" email system for
replaying messages -

I've calmed down a bit now. Dug into the config and set the thing to
use my server.

... it saves the user needing to setup details of an SMTP server and
knowing the credentials etc.

Bloody sheeple, shouldn't be allowed things they can't configure
properly. They only need the information that every other device/app
needs to send/recieve mail, in fact for this it only needs the send
info.

Of course the sheeple don't have a local mail server, they rely on
their ISP, Gmail or WHY.

--
Cheers
Dave.

On Tue, 24 Jun 2014 08:20:21 +0100 (BST), "Dave Liquorice"
wrote:

On Mon, 23 Jun 2014 17:19:54 +0100, John Rumm wrote:

Looking at that email header the NAS has sent some information
(perhaps only the email) to some place in the internet that has
then
relayed it back to me. WTF! If it's doing that what else is it
doing,
without me knowing?

Some NAS boxes have the option of using an "internal" email system for
replaying messages -

I've calmed down a bit now. Dug into the config and set the thing to
use my server.

... it saves the user needing to setup details of an SMTP server and
knowing the credentials etc.

Bloody sheeple, shouldn't be allowed things they can't configure
properly. They only need the information that every other device/app
needs to send/recieve mail, in fact for this it only needs the send
info.

Of course the sheeple don't have a local mail server, they rely on
their ISP, Gmail or WHY.

Although I don't consider myself as 'sheeple', I too don't have a
local mailserver so rely on N4F to email SMART alerts via my ISP's
mail server.

I don't have any illusions over these reports being read by GCHQ/NSA
but it's only when a genuine alert pops up that they're likely to tie
the information into an online purchase (serial or model numbers) and
eventually identify me as the source of many SMART test mailings (in
quadruplicate every time I restart the NAS box about once every 3 or 4
months as a consequence of a firmware update).

TBH, I'm not bothered by this aspect of the NAS 'leaking information'
to a potential MITM exploit. There are many other ways that the
security organisations can tap into your on-line presence no matter
how minimalistic you try to be in providing 'personal information' in
any on-line transactions.
--
J B Good