Keith via plug on 12 Jan 2021 10:59:07 -0800


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Ubiquiti breach


On 1/12/21 1:46 PM, JP Vossen via plug wrote:

https://krebsonsecurity.com/2021/01/ubiquiti-change-your-password-enable-2fa/ says:     ... "a third-party cloud provider may have exposed customer account information and credentials used to remotely manage Ubiquiti gear." ...     ... "The warning from Ubiquiti carries particular significance because the company has made it fairly difficult for customers using the latest Ubiquiti firmware to interact with their devices without first authenticating through the company’s cloud-based systems." ...

:-/

That link is misleading because you do NOT ***have to*** use Ubiquiti's cloud infrastructure to manage your Ubiquiti devices. I certainly never have (and never will).  Updating the firmware is not an issue either and there is no authentication to get it. It's a public download without a login (if you don't or can't use their repository).

That's the proper way to do things...

...or as the Madalorian's would say, "this is the way"  ;)


On 1/12/21 12:44 PM, Keith C. Perry via plug wrote:
I saw this too and agree, nothing to see here if are doing "proper security".  By that I mean, NOT using cloud <Carlin's 7 bad words * 5 ^ 10> to "manage" your network.

These days, I just chuckle went I see stuff like this.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Keith C. Perry, MS E.E.
Managing Member, DAO Technologies LLC
(O) +1.215.525.4165 x2033
(M) +1.215.432.5167
www.daotechnologies.com

----- Original Message -----
From: "Rich Freeman via plug" <plug@lists.phillylinux.org>
To: "jeffv" <jeffv@op.net>
Cc: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Sent: Tuesday, January 12, 2021 11:17:42 AM
Subject: Re: [PLUG] Ubiquiti breach

On Tue, Jan 12, 2021 at 9:53 AM jeffv via plug
<plug@lists.phillylinux.org> wrote:

Ubiquiti tells customers to change passwords after security breach


Saw that.  As far as I can tell it only impacts their website (online
shopping, forums, support, etc), and has nothing to do with their
products themselves (such as passwords for
routers/consoles/webinterfaces/etc).  Just to be safe I changed my
UniFi passwords anyway since they're random, but I don't think UniFi
relies on any kind of cloud-based authentication.  If you use their
app there is some kind of cloud-based discovery (I forget how it
works), but I think the actual authentication is vs your local
credentials in the controller.  Maybe it uses your cloud account for
the discovery bit, so that would potentially tell somebody who
compromises it the external IPs of your router, or maybe let them
knock on the front door of your management interface on the
controller.
Later,
JP
-- -------------------------------------------------------------------
JP Vossen, CISSP | http://www.jpsdomain.org/ | http://bashcookbook.com/
___________________________________________________________________________
Philadelphia Linux Users Group         -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  -- http://lists.phillylinux.org/mailman/listinfo/plug

--
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Keith C. Perry, MS E.E.
Managing Member, DAO Technologies LLC
(O) +1.215.525.4165 x2033
(M) +1.215.432.5167
www.daotechnologies.com

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug