It seems like a reasonable solution to me. And if they're well-armed,
it will also be quite secure.
On Tue, Mar 30, 2021 at 3:25 PM Steve Jones <thatoneguyst...@gmail.com
<mailto:thatoneguyst...@gmail.com>> wrote:
Im am unopposed to this
On Tue, Mar 30, 2021 at 2:49 PM Mike Hammett <af...@ics-il.net
<mailto:af...@ics-il.net>> wrote:
Well right, but there's not really any way around that, short
of having a bunch of midgets you keep stacked in the basement
with passwords written on their foreheads and you summon them
by yelling the name of the site or service you need the
password for.
-----
Mike Hammett
Intelligent Computing Solutions <http://www.ics-il.com/>
<https://www.facebook.com/ICSIL><https://plus.google.com/+IntelligentComputingSolutionsDeKalb><https://www.linkedin.com/company/intelligent-computing-solutions><https://twitter.com/ICSIL>
Midwest Internet Exchange <http://www.midwest-ix.com/>
<https://www.facebook.com/mdwestix><https://www.linkedin.com/company/midwest-internet-exchange><https://twitter.com/mdwestix>
The Brothers WISP <http://www.thebrotherswisp.com/>
<https://www.facebook.com/thebrotherswisp>
<https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>
------------------------------------------------------------------------
*From: *"Mathew Howard" <mhoward...@gmail.com
<mailto:mhoward...@gmail.com>>
*To: *"AnimalFarm Microwave Users Group" <af@af.afmug.com
<mailto:af@af.afmug.com>>
*Sent: *Tuesday, March 30, 2021 2:42:19 PM
*Subject: *Re: [AFMUG] Ubiquiti played fast and loose with the
truth?
I think Steve's point is that if you have all of your stuff
stored in one place, if somebody gets access to that place,
they have all your stuff. Whether that place is Lastpass, a
TXT file or a forehead isn't particularly important.
On Tue, Mar 30, 2021 at 2:23 PM Mike Hammett <af...@ics-il.net
<mailto:af...@ics-il.net>> wrote:
Right, I read that. That doesn't mean anything. It could
have just as well said that they were previously stored in
a TXT file on the desktop or written backwards on the
SysAdmin's forehead.
-----
Mike Hammett
Intelligent Computing Solutions <http://www.ics-il.com/>
<https://www.facebook.com/ICSIL><https://plus.google.com/+IntelligentComputingSolutionsDeKalb><https://www.linkedin.com/company/intelligent-computing-solutions><https://twitter.com/ICSIL>
Midwest Internet Exchange <http://www.midwest-ix.com/>
<https://www.facebook.com/mdwestix><https://www.linkedin.com/company/midwest-internet-exchange><https://twitter.com/mdwestix>
The Brothers WISP <http://www.thebrotherswisp.com/>
<https://www.facebook.com/thebrotherswisp>
<https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>
------------------------------------------------------------------------
*From: *"Steve Jones" <thatoneguyst...@gmail.com
<mailto:thatoneguyst...@gmail.com>>
*To: *"AnimalFarm Microwave Users Group" <af@af.afmug.com
<mailto:af@af.afmug.com>>
*Sent: *Tuesday, March 30, 2021 2:18:41 PM
*Subject: *Re: [AFMUG] Ubiquiti played fast and loose with
the truth?
from the sounds of it thats how they gained the access
Adam says the attacker(s) had access to privileged
credentials that were previously stored in the LastPass
<https://en.wikipedia.org/wiki/LastPass> account of a
Ubiquiti IT employee, and gained root administrator access
to all Ubiquiti AWS accounts, including all S3 data
buckets, all application logs, all databases, all user
database credentials, and secrets required to forge single
sign-on (SSO) cookies.
On Tue, Mar 30, 2021 at 2:10 PM Mike Hammett
<af...@ics-il.net <mailto:af...@ics-il.net>> wrote:
I don't know that LastPass really had anything to do
with it, other than that's where someone stored a
password.
-----
Mike Hammett
Intelligent Computing Solutions <http://www.ics-il.com/>
<https://www.facebook.com/ICSIL><https://plus.google.com/+IntelligentComputingSolutionsDeKalb><https://www.linkedin.com/company/intelligent-computing-solutions><https://twitter.com/ICSIL>
Midwest Internet Exchange <http://www.midwest-ix.com/>
<https://www.facebook.com/mdwestix><https://www.linkedin.com/company/midwest-internet-exchange><https://twitter.com/mdwestix>
The Brothers WISP <http://www.thebrotherswisp.com/>
<https://www.facebook.com/thebrotherswisp>
<https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>
------------------------------------------------------------------------
*From: *"Steve Jones" <thatoneguyst...@gmail.com
<mailto:thatoneguyst...@gmail.com>>
*To: *"AnimalFarm Microwave Users Group"
<af@af.afmug.com <mailto:af@af.afmug.com>>
*Sent: *Tuesday, March 30, 2021 2:06:13 PM
*Subject: *Re: [AFMUG] Ubiquiti played fast and loose
with the truth?
hahaha, lastpass. I like to keep all eggs in a single
basket, that way when i have both hands in the cookie
jar, all a guy need to do is walk off with the basket
and make an omelette
On Tue, Mar 30, 2021 at 1:59 PM Cameron Crum
<cc...@murcevilo.com <mailto:cc...@murcevilo.com>> wrote:
We are shocked. SHOCKED I say!
On Tue, Mar 30, 2021 at 1:18 PM Robert Andrews
<i...@avantwireless.com
<mailto:i...@avantwireless.com>> wrote:
I guess I should have not just put in a link
without commenting...
So:
Why am I surprised?
On 03/30/2021 11:15 AM, Robert Andrews wrote:
>
https://krebsonsecurity.com/2021/03/whistleblower-ubiquiti-breach-catastrophic/
<https://krebsonsecurity.com/2021/03/whistleblower-ubiquiti-breach-catastrophic/>
>
>
--
AF mailing list
AF@af.afmug.com <mailto:AF@af.afmug.com>
http://af.afmug.com/mailman/listinfo/af_af.afmug.com
<http://af.afmug.com/mailman/listinfo/af_af.afmug.com>
--
AF mailing list
AF@af.afmug.com <mailto:AF@af.afmug.com>
http://af.afmug.com/mailman/listinfo/af_af.afmug.com
<http://af.afmug.com/mailman/listinfo/af_af.afmug.com>
--
AF mailing list
AF@af.afmug.com <mailto:AF@af.afmug.com>
http://af.afmug.com/mailman/listinfo/af_af.afmug.com
<http://af.afmug.com/mailman/listinfo/af_af.afmug.com>
--
AF mailing list
AF@af.afmug.com <mailto:AF@af.afmug.com>
http://af.afmug.com/mailman/listinfo/af_af.afmug.com
<http://af.afmug.com/mailman/listinfo/af_af.afmug.com>
--
AF mailing list
AF@af.afmug.com <mailto:AF@af.afmug.com>
http://af.afmug.com/mailman/listinfo/af_af.afmug.com
<http://af.afmug.com/mailman/listinfo/af_af.afmug.com>
--
AF mailing list
AF@af.afmug.com <mailto:AF@af.afmug.com>
http://af.afmug.com/mailman/listinfo/af_af.afmug.com
<http://af.afmug.com/mailman/listinfo/af_af.afmug.com>
--
AF mailing list
AF@af.afmug.com <mailto:AF@af.afmug.com>
http://af.afmug.com/mailman/listinfo/af_af.afmug.com
<http://af.afmug.com/mailman/listinfo/af_af.afmug.com>
--
AF mailing list
AF@af.afmug.com <mailto:AF@af.afmug.com>
http://af.afmug.com/mailman/listinfo/af_af.afmug.com
<http://af.afmug.com/mailman/listinfo/af_af.afmug.com>
--
AF mailing list
AF@af.afmug.com <mailto:AF@af.afmug.com>
http://af.afmug.com/mailman/listinfo/af_af.afmug.com
<http://af.afmug.com/mailman/listinfo/af_af.afmug.com>