Well right, but there's not really any way around that, short of having a bunch of midgets you keep stacked in the basement with passwords written on their foreheads and you summon them by yelling the name of the site or service you need the password for.
----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP ----- Original Message ----- From: "Mathew Howard" <[email protected]> To: "AnimalFarm Microwave Users Group" <[email protected]> Sent: Tuesday, March 30, 2021 2:42:19 PM Subject: Re: [AFMUG] Ubiquiti played fast and loose with the truth? I think Steve's point is that if you have all of your stuff stored in one place, if somebody gets access to that place, they have all your stuff. Whether that place is Lastpass, a TXT file or a forehead isn't particularly important. On Tue, Mar 30, 2021 at 2:23 PM Mike Hammett < [email protected] > wrote: Right, I read that. That doesn't mean anything. It could have just as well said that they were previously stored in a TXT file on the desktop or written backwards on the SysAdmin's forehead. ----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP From: "Steve Jones" < [email protected] > To: "AnimalFarm Microwave Users Group" < [email protected] > Sent: Tuesday, March 30, 2021 2:18:41 PM Subject: Re: [AFMUG] Ubiquiti played fast and loose with the truth? from the sounds of it thats how they gained the access Adam says the attacker(s) had access to privileged credentials that were previously stored in the LastPass account of a Ubiquiti IT employee, and gained root administrator access to all Ubiquiti AWS accounts, including all S3 data buckets, all application logs, all databases, all user database credentials, and secrets required to forge single sign-on (SSO) cookies. On Tue, Mar 30, 2021 at 2:10 PM Mike Hammett < [email protected] > wrote: <blockquote> I don't know that LastPass really had anything to do with it, other than that's where someone stored a password. ----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP From: "Steve Jones" < [email protected] > To: "AnimalFarm Microwave Users Group" < [email protected] > Sent: Tuesday, March 30, 2021 2:06:13 PM Subject: Re: [AFMUG] Ubiquiti played fast and loose with the truth? hahaha, lastpass. I like to keep all eggs in a single basket, that way when i have both hands in the cookie jar, all a guy need to do is walk off with the basket and make an omelette On Tue, Mar 30, 2021 at 1:59 PM Cameron Crum < [email protected] > wrote: <blockquote> We are shocked. SHOCKED I say! On Tue, Mar 30, 2021 at 1:18 PM Robert Andrews < [email protected] > wrote: <blockquote> I guess I should have not just put in a link without commenting... So: Why am I surprised? On 03/30/2021 11:15 AM, Robert Andrews wrote: > https://krebsonsecurity.com/2021/03/whistleblower-ubiquiti-breach-catastrophic/ > > > -- AF mailing list [email protected] http://af.afmug.com/mailman/listinfo/af_af.afmug.com -- AF mailing list [email protected] http://af.afmug.com/mailman/listinfo/af_af.afmug.com </blockquote> -- AF mailing list [email protected] http://af.afmug.com/mailman/listinfo/af_af.afmug.com -- AF mailing list [email protected] http://af.afmug.com/mailman/listinfo/af_af.afmug.com </blockquote> -- AF mailing list [email protected] http://af.afmug.com/mailman/listinfo/af_af.afmug.com -- AF mailing list [email protected] http://af.afmug.com/mailman/listinfo/af_af.afmug.com </blockquote> -- AF mailing list [email protected] http://af.afmug.com/mailman/listinfo/af_af.afmug.com
-- AF mailing list [email protected] http://af.afmug.com/mailman/listinfo/af_af.afmug.com
