Every device and service gets pwned.
It's how you handle the response that matters, and UBNT did muck that one up pretty bad.
I'll still be using their equipment... because anything else I buy will have similar issues.
Take Cisco for example...
just make a note that I said Cisco later.
All that said... You have every right to be angry about it.... They responded abysmally.
But any other product you use in these roles will have intrinsic weaknesses. Even the open source ones (although I suspect they will be a rarer occurrence).
The truth is that there is not a profit model in securing code. Make that make money (or conversely punish it in some real and measurable fashion) and you'll get better results.
This is a bigger problem than just UBNT.
@thegibson @itguyeric @aag It helps that "cyber-insurance" usually doesn't cover attacks from nation-states. Hopefully someday soon it will just be flat-out illegal to buy or sell insurance against hacks. https://hbr.org/2020/10/does-your-cyber-insurance-cover-a-state-sponsored-attack
I hate the cyber insurance industry... If you knew the things I've seen...
literal Cyber-ambulance chasers... legal firms pretending to be "security consultancies" for the purpose of defending either the victims or the insurance company... clients asking us to make assessment adjustments based on their legal advisors...
on and on.
it is a pox on our house.