Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: Ubiquity Alert

  1. #1

  2. #2
    Master Untangler
    Join Date
    Jan 2014
    Posts
    109

    Default

    The key with this is it's older firmwares of the older airmax stuff, and still relys on default credentials. AKA, if you get it, y ou deserve it.

  3. #3
    Master Untangler
    Join Date
    May 2010
    Posts
    218

    Default

    Agreed.

  4. #4
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    1,374

    Default

    Yup, 'best practice' should prevent this kind of thing.

    I still wonder about Android, though.

    .ja.

  5. #5
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    21,154

    Default

    Unifi users just need to make sure they're running the most recent controller and firmware, then go into settings -> site, and make sure the device authentication fields aren't using ubnt, or root as a username, and stuff in a decent password.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  6. #6
    Untangler
    Join Date
    Feb 2016
    Posts
    52

    Default

    Interesting... I read both links, and no mention of "Android"....

  7. #7
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    21,154

    Default

    The bot hits Linux, Android is Linux.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  8. #8
    Untangle Ninja hescominsoon's Avatar
    Join Date
    Sep 2007
    Posts
    1,637

    Default

    The folks that get hit with this are the lazy ones. If you do not care enough to immediately and execute some basic best practices then you get what is deserved. The firmware has been updated so it is up to admins to install it.

  9. #9
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    1,374

    Default

    I see, I guess this guy read between the lines, I dunno:
    ICS-CERT provides the following summary of the two BrickerBot versions (BrickerBot 1 affects Ubiquiti devices and BrickerBot 2 affects Android devices):
    I don't have much control of passwords or updates on those things.

  10. #10
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    21,154

    Default

    https://community.ubnt.com/t5/UniFi-...t/td-p/1890896

    TLDR is as Hescominsoon suggests, if you configure your crap properly you're fine. People that expose the SSH of a Unifi WAP to the world are just as ignorant as those that open SSH on Untangle to the world.

    Set a strong password, and keep things inside. If you're really paranoid you use VLANs to isolate the WAPs into their own IP network so network clients cannot see them either.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2