This year has seen an unprecedented number of digital attacks. A couple months ago, my network vendor of choice, @Ubiquiti , was hit by a breach. Now, more information has been published over at @arstechnica . I am now looking into replacing my Unifi gear due to this incident. Take a look: arstechnica.com/gadgets/2021/0

@itguyeric No defense of Ubiquiti from me, but aren't we supposed to assume all networking gear is APT'd to hell and back, so encrypting everything is on us? @aag @thegibson

Follow

@alrs @aag @thegibson I agree it’s up to us to secure our traffic. My goal though is to not have to create cloud accounts on some one else’s server just so my light or wireless speaker can work as intended.

@itguyeric @alrs @aag

Every device and service gets pwned.

It's how you handle the response that matters, and UBNT did muck that one up pretty bad.

I'll still be using their equipment... because anything else I buy will have similar issues.

Take Cisco for example...

just make a note that I said Cisco later.

@itguyeric @alrs @aag

All that said... You have every right to be angry about it.... They responded abysmally.

but any other product you use in these roles will have intrinsic weaknesses. even the open source ones(although I suspect they will be a rarer occurrence).

The truth is that there is not a profit model in securing code. Make that make money (or conversely punish it in some real and measurable fashion) and you'll get better results.

This is a bigger problem than just UBNT.

@thegibson @itguyeric @aag It helps that "cyber-insurance" usually doesn't cover attacks from nation-states. Hopefully someday soon it will just be flat-out illegal to buy or sell insurance against hacks. hbr.org/2020/10/does-your-cybe

@thegibson @itguyeric @aag imagine the effect on IT salaries if businesses actually had to give a shit about #infosec :)

@alrs @itguyeric @aag

I hate the cyber insurance industry... If you knew the things I've seen...

literal Cyber-ambulance chasers... legal firms pretending to be "security consultancies" for the purpose of defending either the victims or the insurance company... clients asking us to make assessment adjustments based on their legal advisors...

on and on.

it is a pox on our house.

Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!