Ubiquiti has been h4x0r3d

Discussion in 'Site Announcements' started by sec_monkey, Jan 13, 2021 at 13:26.

  1. sec_monkey

    sec_monkey SM Security Administrator

  2. ghrit

    ghrit Bad company Administrator Founding Member

  3. Tempstar

    Tempstar Old and crochety Site Supporter+

    Mikrotik all the way....
  4. sec_monkey

    sec_monkey SM Security Administrator

    Russian and other hax0rz have compromised both repeatedly
  5. Dont

    Dont Just another old gray Jarhead Monkey Site Supporter+++

    I don't have them, I think. Or??? Some things can sneak in on ya.
  6. RouteClearance

    RouteClearance Monkey+++

    Even though I have Cloud with my Apple and .edu account, I never have used it.
    My digital redundancy lies in three 12 TB external HDDs. One stored inside my home, second stored in my unattached workshop, and the third at a burial cache at my BOL. I back up any digital files once a month, important files right away. All three HDDs are stored in Pelican cases.
    Altoidfishfins likes this.
  7. 3M-TA3

    3M-TA3 Cold Wet Monkey Site Supporter++

    Not all Ubiquiti networking products are impacted. UniFi, which is their commercial best seller, is definitely impacted. It's designed to be "plug and play" so everything depends on discovery protocols and cloud-based management. I wouldn't touch it with a ten-foot pole. This incident was inevitable and it won't be the last time.

    I'm using Ubiquiti Edge products and don't use any of their cloud-based bullhockie so am not impacted. There is a semi-UniFi-like management tool, but it can be run as an internal application. I don't use it and frankly want to get to the point where I'm using the CLI instead of the GUI, so I'm going the opposite direction. Guess I'm more of a stick shift kind of guy. Still learnin...

    UniFi = black box believe button products, therefore promiscuous due to network discovery protocols. Designed to make semi-competent techs look good because of a slick GUI. Not as flexible or as configurable as Edge.

    Edge = traditional fully managed and configurable. Does not need network discovery protocols because the people who use these products already know what they have. Requires actual planning and engineering.
  8. BTPost

    BTPost Stumpy Old Fart Snow Monkey Moderator

    I use the Edge Products as well... Great Hardware...
  9. Altoidfishfins

    Altoidfishfins Monkey+++ Site Supporter+

    Just got a VPN, my first experience with one.
    Bit of a chore setting it up on Linux but it's done now on both desktop and dual-boot laptop.

    IMHO, anyone who trusts any "cloud" with critical information is unaware and naive. That's good for your doggie pictures maybe.

    Good point @RouteClearance about keeping a third HDD backup at the BOL. I currently have one on my Linux Hard Drive, a copy on an external Hard Drive.

    Figured if things get hairy and I have to bug out I can simply unplug the external hard drive and pack it up.

    Question is, will I remember to do that? You just found a hole in my bugout plan RC, thanks!
    Last edited: Jan 15, 2021 at 11:31