Notices by cR0w (cr0w@infosec.exchange)

@kajer I've said it before and I'll say it again: Ubiquiti is the Tesla of network gear.

@jornane @The_Turtle_Moves @dalias "You must click this link to learn why you must never click links."

@edolnx I don't know of an existing reliable solution, but I think @ryanc deployed one in the past. Maybe they have some pointers.

PAN Then: We don't know that there is a vulnerability. It's all rumors.

PAN Now: There's an unauth RCE that we have observed and do not have a fix for, but we told you to segment so it's your fault if you get pwned.

@danrubins @GossiTheDog If you have older logs, it may be worth looking back further. I've seen it going since at least July with my tenants.

@ryanc You mean the same way they already do their geo lookups? Seems simple enough to me when you already have the update mechanism in place.

@ryanc It's maddening how few security appliances have this basic feature.

@ryanc :flan_set_fire:

@patrickcmiller I am the 14%. That's a sad number. :-(

@ryanc git ret

@ryanc That makes sense. I was more thinking about how it's nice to get a little bit of insight into some of the inner workings of a device before you purchase it.

@ryanc @munin Satan's punishment for anti-queer stuff. 😈

Has anyone ever seen anything legitimate coming out of Stark Industries ( AS44477 )? It's been over a year of "don't block, just in case" at a couple sites, but I have yet to see anything worth allowing from them. And with more of their IPs geolocating to the US, they're getting around geoblocks.

#directoryTraversalMemes

Someone woke up and chose violence and I'm here for it.

https://www.fox13seattle.com/news/seattle-top-pizza-city-study

@mattly Honestly, why even stop at three digits per octet?

Y'all realize the whole IPv4 shortage is just manufactured scarcity to allow ISPs and cloud hosting companies to charge more, right? If IANA would allow us to go above 255 in each octet, we would have more than enough addresses to go around and not have to mess around with NAT and IPv6.

@jerry

@GossiTheDog In before the 1337 INFOSEC nerds denigrate them as "script kiddies" again despite being more effective than the "professionals" ever will be.

@ryanc When I worked in PHYSEC, we only used Axis in high risk and high value locations. That was nearly a decade ago so grain of salt, but I agree that they're generally worth it. Just keep them off the damn Internet. 😆