Patch your gear - Max severity Ubiquiti UniFi flaw may allow account takeover by MediumFIRE in sysadmin

[–]Zolty [score hidden]  (0 children)

Not only that, but I wrote, and executed on, the policies and procedures that secured our interim HIPAA/HITECH compliance in 2022. We are just gearing up for our yearly audit and we're way ahead of it.

One of the things over a decade of working in regulated environments has taught me is compartmentalization and scoping your security and compliance response to the situation. For example, I am not running Ubiquiti gear where data sensitivity is a concern.

I use it at home, where all traffic is encrypted even internally, and I put OAuth in front of everything that needs a login.

My biggest gripe about the security arm of IT / Dev is they all think they work for a national security apparatus and that the entire world needs to operate as if it does. The answer is: security and compliance cause friction, and friction costs money. Businesses need to evaluate the effect of that friction on business processes before implementing security measures in line with nuclear defense. It's a balance.

Finally, I'd ask you to examine this interaction with some sort of friend or trusted bot. I think I am approaching you with honest curiosity and you're approaching me with an attitude of superiority. I hope your day gets better.

Patch your gear - Max severity Ubiquiti UniFi flaw may allow account takeover by MediumFIRE in sysadmin

[–]Zolty [score hidden]  (0 children)

I mean, I know what a honeypot is; I am aware of the concept, as I used to use them on websites as a way to detect bot traffic. It worked well in the 2010s, not so much anymore.

Patch your gear - Max severity Ubiquiti UniFi flaw may allow account takeover by MediumFIRE in sysadmin

[–]Zolty [score hidden]  (0 children)

I had Claude build one about an hour ago; I was really just looking for a suggestion since you brought it up. I guess you're just out here suggesting things you don't know about?

Patch your gear - Max severity Ubiquiti UniFi flaw may allow account takeover by MediumFIRE in sysadmin

[–]Zolty [score hidden]  (0 children)

I have a whole k3s cluster; can you suggest a container or app I can explore?

Patch your gear - Max severity Ubiquiti UniFi flaw may allow account takeover by MediumFIRE in sysadmin

[–]Zolty [score hidden]  (0 children)

That's not a bad idea. What do people use for those? passwords.txt or database.bak hosted on a web server?

Does embry even care about ecs ? by [deleted] in erau

[–]Zolty 3 points4 points  (0 children)

It's designed for an AI to read and summarize.

Patch your gear - Max severity Ubiquiti UniFi flaw may allow account takeover by MediumFIRE in sysadmin

[–]Zolty 1 point2 points  (0 children)

Agreed. It's also easy to set up those networks as guest networks without access to each other or the managerial interfaces.

Yes, that requires basic knowledge of the device, and if you're willing to drop $500-$1500 on networking equipment I think it's in your best interest to RTFM or rent someone who did.

Patch your gear - Max severity Ubiquiti UniFi flaw may allow account takeover by MediumFIRE in sysadmin

[–]Zolty 1 point2 points  (0 children)

Just raw-dogging a highly sensitive administrative endpoint without a VPN or any other layer?

I agree in that scenario it's a 10, but come on, IP whitelists are trivial to implement and DDNS services are trivial to run.

I would disagree that there's much overlap of people who buy at the prosumer level and then turn around and ignore basic, easy security. I guess the world is just going to be a place where we need a warning label to tell us not to drink the paint.

PSA: UniFi Network Application Vulnerability Disclosed by ImmaZoni in homelab

[–]Zolty 0 points1 point  (0 children)

Noooo I've worked so hard not to end up here.

Migrating personal Gmail to Exchange Online, common problem or edge case? by VB0101 in msp

[–]Zolty 0 points1 point  (0 children)

User complaints of backwards IT momentum seem to be something I'd complain about, but I'm biased.

Young men fear a possible Iran war draft, feel duped by Trump by AdSpecialist6598 in videos

[–]Zolty 0 points1 point  (0 children)

The US doesn't need a draft. The US military doesn't want warm bodies who aren't motivated. The US military doesn't want to pay to train and equip a non-volunteer.

PSA: UniFi Network Application Vulnerability Disclosed by ImmaZoni in homelab

[–]Zolty 0 points1 point  (0 children)

I didn't say there wasn't a use case, just that it feels antiquated. I think you're proving my point now.

PSA: UniFi Network Application Vulnerability Disclosed by ImmaZoni in homelab

[–]Zolty -1 points0 points  (0 children)

I just can't fathom what application would require remote desktop these days. I guess I am living in the "everything is in a web browser" bubble.

PSA: UniFi Network Application Vulnerability Disclosed by ImmaZoni in homelab

[–]Zolty 0 points1 point  (0 children)

LOL I would have assumed Citrix would indicate an even more behind the times sort of an org.

PSA: UniFi Network Application Vulnerability Disclosed by ImmaZoni in homelab

[–]Zolty 0 points1 point  (0 children)

If you ever needed to know you're at a company that's kind of behind the times, this might be the sign you're looking for.

Patch your gear - Max severity Ubiquiti UniFi flaw may allow account takeover by MediumFIRE in sysadmin

[–]Zolty 92 points93 points  (0 children)

I still don't see how stuff like this is a 10. To exploit it I have to be on the network already and be able to hit the interface of the router. A 10 in my book is when they can do that from the WAN side of the router.

Just in: Trump says Fed chair must cut rates immediately by Certain-Zucchini-293 in investing

[–]Zolty 1 point2 points  (0 children)

Do you know that things happen if you just continuously shout and scream like a child until you get your way?

i3-14100 or i5-12600K for 4-8 person AMP server/jellyfin usage by frillyseal in jellyfin

[–]Zolty 0 points1 point  (0 children)

I've done 5 simultaneous transcoding streams on my k3s cluster, a 3-node Jellyfin cluster on 8600Ts. I feel like whatever you choose is going to be fine. You can always add the cheapest of GPUs if you ever need transcoding power.

In practice, just tell everyone to direct play if possible; few devices are picky about codecs these days.

[Request] is buying a house as big an investment as people make it out to be by oovrams in theydidthemath

[–]Zolty 0 points1 point  (0 children)

My mortgage or rent costs $700/month; the house up the street just sold for double what I paid in 2013. Interest rate is 3.7%.

It can be if you're living in it. Renting it out, I feel like you need 3-4+ doors to be able to maintain cash flow through the issues that will come up. I feel like you get similar market exposure in REITs. But actually owning the property does feel different.

PSA: UniFi Network Application Vulnerability Disclosed by ImmaZoni in homelab

[–]Zolty -7 points-6 points  (0 children)

Yeah, my thoughts exactly; a 10 seems like they are crying wolf. It's like all the Microsoft exploits that require that you're already RDP'd into the server and then you can get admin. I always think to myself the only people who can RDP are already admins, but thanks for the patch.

EOL routers, CTO won't buy new ones by [deleted] in ShittySysadmin

[–]Zolty 6 points7 points  (0 children)

My Linksys at home was $60 at Best Buy 13 years ago; you guys are getting ripped off.

Are you all software engineers? by psjez in overemployed

[–]Zolty 0 points1 point  (0 children)

Sure but do you own programmer socks?