JP Vossen via plug on 12 Jan 2021 10:46:51 -0800 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
Re: [PLUG] Ubiquiti breach |
https://krebsonsecurity.com/2021/01/ubiquiti-change-your-password-enable-2fa/ says: ... "a third-party cloud provider may have exposed customer account information and credentials used to remotely manage Ubiquiti gear." ... ... "The warning from Ubiquiti carries particular significance because the company has made it fairly difficult for customers using the latest Ubiquiti firmware to interact with their devices without first authenticating through the company’s cloud-based systems." ... :-/ On 1/12/21 12:44 PM, Keith C. Perry via plug wrote:
I saw this too and agree, nothing to see here if are doing "proper security". By that I mean, NOT using cloud <Carlin's 7 bad words * 5 ^ 10> to "manage" your network. These days, I just chuckle went I see stuff like this. ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Keith C. Perry, MS E.E. Managing Member, DAO Technologies LLC (O) +1.215.525.4165 x2033 (M) +1.215.432.5167 www.daotechnologies.com ----- Original Message ----- From: "Rich Freeman via plug" <plug@lists.phillylinux.org> To: "jeffv" <jeffv@op.net> Cc: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org> Sent: Tuesday, January 12, 2021 11:17:42 AM Subject: Re: [PLUG] Ubiquiti breach On Tue, Jan 12, 2021 at 9:53 AM jeffv via plug <plug@lists.phillylinux.org> wrote:Ubiquiti tells customers to change passwords after security breachSaw that. As far as I can tell it only impacts their website (online shopping, forums, support, etc), and has nothing to do with their products themselves (such as passwords for routers/consoles/webinterfaces/etc). Just to be safe I changed my UniFi passwords anyway since they're random, but I don't think UniFi relies on any kind of cloud-based authentication. If you use their app there is some kind of cloud-based discovery (I forget how it works), but I think the actual authentication is vs your local credentials in the controller. Maybe it uses your cloud account for the discovery bit, so that would potentially tell somebody who compromises it the external IPs of your router, or maybe let them knock on the front door of your management interface on the controller.
Later, JP -- ------------------------------------------------------------------- JP Vossen, CISSP | http://www.jpsdomain.org/ | http://bashcookbook.com/ ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug