HP Firmware Self Destructs
Uptime Bug Risks Huge Data Loss for HP Customers
A firmware issue announced by the technology manufacturer Hewlett Packard could affect thousands of enterprise users. A series of solid-state drives sold by the company will fail at their 32,768th hour of operation, potentially causing massive and irretrievable data loss.
The “critical firmware update” needed to avert the SSD uptime bug was announced by the manufacturer with the warning that, should customers and systems administrators fail to implement the firmware fix within the almost 4-year window of operation, “neither the SSD nor the data can be recovered.”
Additionally, any SSDs put into service at the same time (a real possibility in many enterprises) will likely fail at the same moment, meaning backups made to the same hardware will also be lost.
Integrity and Availability
The cause of this HP firmware issue is likely a simple yet avoidable mistake: trying to save memory by storing a value as a signed integer with a bit length not fit for purpose. A signed 16-bit integer can hold values only up to 32,767, so a count of operating hours kept in one would overflow at hour 32,768. This is essentially a minor version of the same problem that caused the fateful ‘millennium bug’, and it is somewhat surprising that bugs such as this still make it out into the wild.
Though it’s likely that most system admins will patch the bug in time, this announcement is a stark warning to those using uniform hardware and firmware across their networks. As we all know, the implementation of reliable backup systems is critical to enterprises that take information security seriously.
The infosec trinity of Confidentiality, Integrity and Availability (CIA) is greatly dependent on a good degree of forward thinking and contingency planning, principles that are well illustrated by preventable bugs such as this.
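The wrap-around described above, as an added example (not HP's firmware, whose source is not on this page): it assumes the power-on-hours counter lives in a signed 16-bit field, and shows the reading at hour 32,768 beside a wider saturating counter, plus a check for drives in a fleet that are close to that hour. The function names and the fleet values are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define WRAP_HOUR 32768u  /* 2^15: first value a signed 16-bit field cannot hold */

/* Read 16 stored bits as a two's-complement signed value (well defined in C). */
static int32_t as_signed16(uint16_t raw) {
    return raw >= 0x8000u ? (int32_t)raw - 0x10000 : (int32_t)raw;
}

/* Assumed counter: one tick per power-on hour, kept in a 16-bit field. */
static int32_t signed16_reading_after(uint32_t hours) {
    uint16_t raw = 0;
    for (uint32_t i = 0; i < hours; i++) raw = (uint16_t)(raw + 1u);
    return as_signed16(raw);
}

/* Wider counter that saturates at its maximum instead of wrapping. */
static uint32_t saturating_reading_after(uint32_t hours) {
    uint32_t h = 0;
    for (uint32_t i = 0; i < hours; i++) if (h != UINT32_MAX) h++;
    return h;
}

/* Hours left before a drive with this power-on time reaches the wrap point. */
static uint32_t hours_until_wrap(uint32_t power_on_hours) {
    return power_on_hours >= WRAP_HOUR ? 0 : WRAP_HOUR - power_on_hours;
}

/* Count drives in a fleet that reach the wrap point within `margin` hours. */
static size_t drives_at_risk(const uint32_t *poh, size_t n, uint32_t margin) {
    size_t count = 0;
    for (size_t i = 0; i < n; i++)
        if (hours_until_wrap(poh[i]) <= margin) count++;
    return count;
}

int main(void) {
    /* Constructed sample: three drives commissioned together, one newer. */
    const uint32_t fleet[] = { 32000, 32000, 32001, 9000 };
    printf("signed 16-bit at hour 32767: %d\n", (int)signed16_reading_after(32767));
    printf("signed 16-bit at hour 32768: %d\n", (int)signed16_reading_after(32768));
    printf("32-bit counter at hour 32768: %u\n", (unsigned)saturating_reading_after(32768));
    printf("drives within 1000 h of wrap: %zu\n", drives_at_risk(fleet, 4, 1000));
    return 0;
}
```

Drives commissioned together sit at nearly the same power-on hours, which is why the fleet check flags them as a group rather than one at a time.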
The Importance of Backups
Secure and reliable backups should be considered fundamental by any Information Security Officer (ISO) and Chief Technical Officer (CTO), though to the average user, the importance of this practice can sometimes be lost.