Thursday, April 1, 2021

According to Whistleblower Who has gone Public, Ubiquiti Networks Breach was "Catastrophic"

 



As a guy who spends a fair amount of his time exploring the security side of technology, I *love* the website run by Brian Krebs.  Brian worked for the Washington Post for 14 years before striking out on his own path as a security reporter.  Since then he has broken some amazing stories and is always on the leading edge of stories that impact our technologies.  Basically when Brian speaks (or writes) I listen simply because he has an amazing Rolodex full of the best security experts in the business.  I don't refer to him here frequently, but I am reading his website on a regular basis.

The Ubiquiti Networks story was a fairly big deal around the late 2020 to early 2021 timeframe, but then sort of faded from the public conscience.  That's one of the problems with this whole subject of digital security.  Our society has gotten so used to poor operational security, that we hardly even register a blip when there is a data security incident.

Yet, occasionally a company will have a breach and the details continue to get worse.  This is one of those occasions.  It seems that someone behind the scenes of this particular incident became discouraged with the way it was handled and ended up going to Brian Krebs in an effort to get the facts of the story out.

I'm not going to repeat Brian's story here, but I highly advise you head over to this website to learn all of the things Brian learned.  It's a fascinating read!

2 comments:

  1. Thanks for your insight for your fantastic posting. I’m glad I have taken the time to see this. Invisalign Rugby

    ReplyDelete
  2. I was so tempted to use their gear in our deployments because of the cost, but after looking at their development process, the cloud lock-in, and all the issues in their forums, we decided to use their switches and WAPs. And those devices are firewalled off from ever talking to the internet. No USGs anywhere. What a dumpsterfire.

    ReplyDelete