    Miscellaneous Tech News

    • travisdh1

      I got the email from Ubiquiti today:

      Dear Customer,

      We recently became aware of unauthorized access to certain of our information technology systems hosted by a third party cloud provider. We have no indication that there has been unauthorized activity with respect to any user’s account.

      We are not currently aware of evidence of access to any databases that host user data, but we cannot be certain that user data has not been exposed. This data may include your name, email address, and the one-way encrypted password to your account (in technical terms, the passwords are hashed and salted). The data may also include your address and phone number if you have provided that to us.

      As a precaution, we encourage you to change your password. We recommend that you also change your password on any website where you use the same user ID or password. Finally, we recommend that you enable two-factor authentication on your Ubiquiti accounts if you have not already done so.

      Ugh.

      • nadnerB @travisdh1

        @travisdh1 said in Miscellaneous Tech News:

        I got the email from Ubiquiti today:

        Dear Customer,

        We recently became aware of unauthorized access to certain of our information technology systems hosted by a third party cloud provider. We have no indication that there has been unauthorized activity with respect to any user’s account.

        We are not currently aware of evidence of access to any databases that host user data, but we cannot be certain that user data has not been exposed. This data may include your name, email address, and the one-way encrypted password to your account (in technical terms, the passwords are hashed and salted). The data may also include your address and phone number if you have provided that to us.

        As a precaution, we encourage you to change your password. We recommend that you also change your password on any website where you use the same user ID or password. Finally, we recommend that you enable two-factor authentication on your Ubiquiti accounts if you have not already done so.

        Ugh.

        https://krebsonsecurity.com/2021/01/ubiquiti-change-your-password-enable-2fa/

        • Obsolesce

          70TB of Parler users’ messages, videos, and posts leaked by security researchers

          The scrape includes user profile data, user information, and which users had administration rights for specific groups within the social network. Twitter user @donk_enby, who first announced about the scrape, claims that over a million video URLs, some deleted and private, were taken

          • DustinB3403 @Obsolesce

            @Obsolesce 80TB according to Ars Technica

            • JaredBusch

              File under: Fucking Duh.....

              https://www.cnbc.com/2021/01/12/signal-telegram-downloads-surge-after-update-to-whatsapp-data-policy.html

              Signal and Telegram downloads surge after WhatsApp says it will share data with Facebook

              • JaredBusch @Obsolesce

                @Obsolesce said in Miscellaneous Tech News:

                70TB of Parler users’ messages, videos, and posts leaked by security researchers

                The scrape includes user profile data, user information, and which users had administration rights for specific groups within the social network. Twitter user @donk_enby, who first announced about the scrape, claims that over a million video URLs, some deleted and private, were taken

                Maybe they should have actually hired a professional or three instead of Billy Bob’s web and app design.

                One article said they were using the free tier of Twilio for something also.

                • 1337 @Obsolesce

                  @Obsolesce said in Miscellaneous Tech News:

                  70TB of Parler users’ messages, videos, and posts leaked by security researchers

                  The scrape includes user profile data, user information, and which users had administration rights for specific groups within the social network. Twitter user @donk_enby, who first announced about the scrape, claims that over a million video URLs, some deleted and private, were taken

                  Security researchers don't leak information. They let the platform know they found a leak and work with them to close it.

                  If they leak information, they are by definition hackers (crackers, black hats, hacktivists etc).

                  • Obsolesce

                    Youtube Video

                    • DustinB3403 @1337

                      @Pete-S said in Miscellaneous Tech News:

                      @Obsolesce said in Miscellaneous Tech News:

                      70TB of Parler users’ messages, videos, and posts leaked by security researchers

                      The scrape includes user profile data, user information, and which users had administration rights for specific groups within the social network. Twitter user @donk_enby, who first announced about the scrape, claims that over a million video URLs, some deleted and private, were taken

                      Security researchers don't leak information. They let the platform know they found a leak and work with them to close it.

                      If they leak information, they are by definition hackers (crackers, black hats, hacktivists etc).

                      At what point does someone go from being a security researcher who's raised the red flag to a platform who apparently refuses to fix simple but large vulnerabilities to a black-hat?

                      There are numerous cases of White-Hats saying "hey we gave them months to fix this issue and we were continually ignored, for the security of the users, we're making this public to get the platform to fix this issue"

                      • dafyre @travisdh1

                        @travisdh1 said in Miscellaneous Tech News:

                        I got the email from Ubiquiti today:

                        Dear Customer,

                        We recently became aware of unauthorized access to certain of our information technology systems hosted by a third party cloud provider. We have no indication that there has been unauthorized activity with respect to any user’s account.

                        We are not currently aware of evidence of access to any databases that host user data, but we cannot be certain that user data has not been exposed. This data may include your name, email address, and the one-way encrypted password to your account (in technical terms, the passwords are hashed and salted). The data may also include your address and phone number if you have provided that to us.

                        As a precaution, we encourage you to change your password. We recommend that you also change your password on any website where you use the same user ID or password. Finally, we recommend that you enable two-factor authentication on your Ubiquiti accounts if you have not already done so.

                        Ugh.

                        Yepp.... I got one too. I suppose that I should go change my password.

                        • DustinB3403 @dafyre

                          @dafyre said in Miscellaneous Tech News:

                          Yepp.... I got one too. I suppose that I should go change my password.

                          Yeah it took seconds. Hop onto that

                          • dafyre @DustinB3403

                            @DustinB3403 said in Miscellaneous Tech News:

                            @dafyre said in Miscellaneous Tech News:

                            Yepp.... I got one too. I suppose that I should go change my password.

                            Yeah it took seconds. Hop onto that

                            I'm not sure what my password is anyway, lol. I should check my password manager and see if it knows, lol.

                            • Dashrender @DustinB3403

                              @DustinB3403 said in Miscellaneous Tech News:

                              @Pete-S said in Miscellaneous Tech News:

                              @Obsolesce said in Miscellaneous Tech News:

                              70TB of Parler users’ messages, videos, and posts leaked by security researchers

                              The scrape includes user profile data, user information, and which users had administration rights for specific groups within the social network. Twitter user @donk_enby, who first announced about the scrape, claims that over a million video URLs, some deleted and private, were taken

                              Security researchers don't leak information. They let the platform know they found a leak and work with them to close it.

                              If they leak information, they are by definition hackers (crackers, black hats, hacktivists etc).

                              At what point does someone go from being a security researcher who's raised the red flag to a platform who apparently refuses to fix simple but large vulnerabilities to a black-hat?

                              There are numerous cases of White-Hats saying "hey we gave them months to fix this issue and we were continually ignored, for the security of the users, we're making this public to get the platform to fix this issue"

                              You are a black hat when your main goal is to simply steal and dump or steal and do other bad things.

                              No one is calling Google's Project Zero hackers/black hats because they give a, what 90 day window to companies to fix their shit before they post about it.

                              But really, if you're white - YOU should never dump someone else's data. Period. Dumping is very likely an act that is over the line and makes you a black hat.

                              You don't need to dump their data to embarrass the hell out of a company... just tell the world about them, and post how you found said data - others will go and pull it out and post it...

                              • 1337 @DustinB3403

                                @DustinB3403 said in Miscellaneous Tech News:

                                At what point does someone go from being a security researcher who's raised the red flag to a platform who apparently refuses to fix simple but large vulnerabilities to a black-hat?
                                There are numerous cases of White-Hats saying "hey we gave them months to fix this issue and we were continually ignored, for the security of the users, we're making this public to get the platform to fix this issue"

                                The difference between a hacker and a security researcher is the intent.

                                This is from the Ars Technica article:
                                "To recap, the scraping was pulled off by a hacker who goes by the handle donk_enby. She originally set out to archive content posted to Parler last Wednesday in hopes of preserving self-incriminating material before account holders came to their senses and deleted it."

                                That is obviously not security research in any way shape or form.

                                donk_enby goes on:
                                “I want this to be a big middle finger to those who say hacking shouldn’t be political,”

                                So a hacktivist.

                                • scottalanmiller @1337

                                  @Pete-S said in Miscellaneous Tech News:

                                  That is obviously not security research in any way shape or form.

                                  Not from the technical side. But in a weird way, it's like a technical hacker using hacking to do social security research.

                                  • scottalanmiller @JaredBusch

                                    @JaredBusch said in Miscellaneous Tech News:

                                    File under: Fucking Duh.....

                                    https://www.cnbc.com/2021/01/12/signal-telegram-downloads-surge-after-update-to-whatsapp-data-policy.html

                                    Signal and Telegram downloads surge after WhatsApp says it will share data with Facebook

                                    That explains why my Telegram is blowing up with new members.

                                    • scottalanmiller @DustinB3403

                                      @DustinB3403 said in Miscellaneous Tech News:

                                      @Pete-S said in Miscellaneous Tech News:

                                      @Obsolesce said in Miscellaneous Tech News:

                                      70TB of Parler users’ messages, videos, and posts leaked by security researchers

                                      The scrape includes user profile data, user information, and which users had administration rights for specific groups within the social network. Twitter user @donk_enby, who first announced about the scrape, claims that over a million video URLs, some deleted and private, were taken

                                      Security researchers don't leak information. They let the platform know they found a leak and work with them to close it.

                                      If they leak information, they are by definition hackers (crackers, black hats, hacktivists etc).

                                      At what point does someone go from being a security researcher who's raised the red flag to a platform who apparently refuses to fix simple but large vulnerabilities to a black-hat?

                                      There are numerous cases of White-Hats saying "hey we gave them months to fix this issue and we were continually ignored, for the security of the users, we're making this public to get the platform to fix this issue"

                                      Well, at some point, maybe you are both. One person's researcher is another person's black hat. To me, as a customer, knowing that vendor X has a vulnerability and that I need to be aware of it is research. To that vendor, sharing their mistakes might be perceived as black hat.

                                      It's a bit like terrorism. Every terrorist is someone's army. What we called Patriots in the American Revolution, the British considered terrorists. It's all perspective.

                                      So in one sense, every white hat is also a black hat. If you find a vulnerability and tell the vendor, and not the customers, you are a black hat to their customers, but a white hat to the vendor. If you tell the customers before the vendor has a fix, you are a black hat to the vendor, and a white hat to the customers.

                                      • scottalanmiller @1337

                                        @Pete-S said in Miscellaneous Tech News:

                                        So a hacktivist.

                                        Something we could say about anyone in a white hat, in a way.

                                        • scottalanmiller @Dashrender

                                          @Dashrender said in Miscellaneous Tech News:

                                          You are a black hat when your main goal is to simply steal and dump or steal and do other bad things.

                                          This is true and simple. But what about if you get the data and don't share it with the people impacted? Isn't that also a black hat move? To conceal a known vulnerability that others might be using to steal data to protect a vendor?

                                          Not that it's only about protecting a vendor, but that's a huge force at play in those cases.

                                          • scottalanmiller @Dashrender

                                            @Dashrender said in Miscellaneous Tech News:

                                            No one is calling Google's Project Zero hackers/black hats because they give a, what 90 day window to companies to fix their shit before they post about it.

                                            I call that black hat, absolutely. Because they know that customers are at risk and don't tell them. Maybe it's the right decision, maybe it is not, but that's 90 days of wearing a black hat if I'm a customer and they are holding secret information about how to breach me and they've chosen to tell someone other than me, the customer.

                                            As a customer, I have more right to be told than anyone and I believe telling vendors before customers should be considered a crime. I don't agree with the "black hat for a while" thing that people have sold.
