This year has seen an unprecedented number of digital attacks. A couple months ago, my network vendor of choice, @Ubiquiti, was hit by a breach. Now, more information has been published over at @arstechnica. I am now looking into replacing my Unifi gear due to this incident. Take a look: https://arstechnica.com/gadgets/2021/03/ubiquiti-breach-puts-countless-cloud-based-devices-at-risk-of-takeover
Every device and service gets pwned.
It's how you handle the response that matters, and UBNT did muck that one up pretty bad.
I'll still be using their equipment... because anything else I buy will have similar issues.
Take Cisco for example...
Just make a note that I said Cisco later.
All that said... You have every right to be angry about it... They responded abysmally.
But any other product you use in these roles will have intrinsic weaknesses. Even the open source ones (although I suspect they will be a rarer occurrence).
The truth is that there is not a profit model in securing code. Make that make money (or conversely punish it in some real and measurable fashion) and you'll get better results.
This is a bigger problem than just UBNT.
@thegibson @itguyeric @aag It helps that "cyber-insurance" usually doesn't cover attacks from nation-states. Hopefully someday soon it will just be flat-out illegal to buy or sell insurance against hacks. https://hbr.org/2020/10/does-your-cyber-insurance-cover-a-state-sponsored-attack
I hate the cyber insurance industry... If you knew the things I've seen...
Literal cyber-ambulance chasers... legal firms pretending to be "security consultancies" for the purpose of defending either the victims or the insurance company... clients asking us to make assessment adjustments based on their legal advisors...
On and on.
It is a pox on our house.