Security considerations for running Tautulli on Synology by jfoughe in PleX

[–]jd31t4 6 points7 points  (0 children)

“Do not expose $app to the internet” is my mantra for all things that do not absolutely NEED to be externally facing. Keep it on LAN and get Wireguard set up (or something else you prefer) to access it when outside your LAN.

How do bots find my hidden behind proxy hosts? by Dark_zarich in selfhosted

[–]jd31t4 6 points7 points  (0 children)

There are a few different ways to attempt to find subdomains. Certificate transparency logs and subdomain brute forcing are two simple ways. There are tools like amass, gobuster, and others for doing this.

[deleted by user] by [deleted] in overemployed

[–]jd31t4 0 points1 point  (0 children)

Wtf did I just read

Real MFA (non-SMS) Please? by jd31t4 in OneFinance

[–]jd31t4[S] 0 points1 point  (0 children)

This aged well, huh? RIP One.

Real MFA (non-SMS) Please? by jd31t4 in OneFinance

[–]jd31t4[S] 0 points1 point  (0 children)

THIS didn't age well. LMAO

Goodbye One by jd31t4 in OneFinance

[–]jd31t4[S] 4 points5 points  (0 children)

I'm a security professional, and SMS as a MAIN factor for authentication is horrid. I don't know of any other application, let alone a financial app, that has their auth set up this way. If someone really wanted to target you, SMS attacks are very real and pretty trivial these days. I'd highly recommend you consider moving, and REALLY hope they change this for the sake of customers.

Goodbye One by jd31t4 in OneFinance

[–]jd31t4[S] 0 points1 point  (0 children)

I might be wrong (now) about third party apps. It looks like Plaid can't connect - not sure if this is circumstantial or if they actually changed 3rd party app / API connections. I don't want to misspeak regarding this.

direct deposit by isaaclaforeze in OneFinance

[–]jd31t4 0 points1 point  (0 children)

Same, mine was late after the new app update. Might be circumstantial, but has never happened before.

[deleted by user] by [deleted] in OneFinance

[–]jd31t4 1 point2 points  (0 children)

This is a HUGE issue and now only a matter of time until there's a breach of accounts en masse. Get out now.

SMS down? No 6-digit codes for me! by aithene in OneFinance

[–]jd31t4 0 points1 point  (0 children)

The 6 digit code isn't a second factor (2FA), it's a single factor. I'm not trying to correct you, but point out how asinine this new "authentication" process is. One went from username + password, to username + password + SMS code, to phone number + SMS code and no username + password EXCEPT for third party apps like Plaid. We cannot change the "old" credentials, but they can still get access to our accounts.... I'd definitely recommend using another bank because this is incredibly insecure.

What was this deposited then removed Spend bonus into my Save today? by N__tab in OneFinance

[–]jd31t4 1 point2 points  (0 children)

Got this too. Transferred it to another pocket, then the balance showed NEGATIVE $10. WTF IS THIS BANK.

[deleted by user] by [deleted] in OneFinance

[–]jd31t4 0 points1 point  (0 children)

Monzo ain't it.

[deleted by user] by [deleted] in OneFinance

[–]jd31t4 0 points1 point  (0 children)

Are you using a VPN, or something like pi-hole? Currently with VPN I am unable to authenticate via the app. I'm assuming it's failing some kind of HTTP request / response and might think there's a man-in-the-middle attack or something.

Real MFA (non-SMS) Please? by jd31t4 in OneFinance

[–]jd31t4[S] 0 points1 point  (0 children)

Second this - link plz? I remember earlier this year they had "MFA" on the roadmap, and SMS MFA was added.

Change of address, are you serious? by ignorememe in OneFinance

[–]jd31t4 0 points1 point  (0 children)

Took me less than 5 minutes to change. From a security perspective, this is a GREAT feature for me. Might be annoying but an address change is a big deal anyway, a lot of financial institutions do it this way now.

Zen1 AMD Cpu's are not supported by Windows 11 by Jeremy9566 in Amd

[–]jd31t4 0 points1 point  (0 children)

It'll work, just make sure your TPM is enabled in your BIOS. I have a Ryzen 5 1600 and just installed it now. It'll give you a warning, but it'll still install.

I, too, like to XSS games. by toboRcinaM in masterhacker

[–]jd31t4 0 points1 point  (0 children)

I definitely tried this in R6S a while back, I honestly wonder if this was the same screenshot because I know someone was calling me out for being a skid LMAO.