by _pplp 1903 days ago
I mean, I didn't necessarily agree with all of his methods or reasonings on everything, but I've come to realize a lot of times his hands were just as tied as ours. And the draconian surveillance stuff? Yeah, he was directed to do that. One guess by whom.

He was "in charge" because he convinced Robert that he was the right guy for the job by finding a security flaw that let him log into Robert's personal UniFi Protect setup at his home. At that point Robert basically gave him carte blanche, but also started directing him to lock everything down. More than a bit of paranoia there, in my opinion.

He was in charge of cloud when he "found" a way to forge Ubiquiti SSO logins for any user using his root access to the SSO signing secrets.

In the Krebs article the whistleblower calls out forging SSO logins as one of the things that was compromised. If the attacker is really an ex-employee like Ubiquiti says, then it's scary that the SSO signing keys aren't even being rotated after the account forgery stunt.

> Adam says the attacker(s) had access to privileged credentials that were previously stored in the LastPass account of a Ubiquiti IT employee, and gained root administrator access to all Ubiquiti AWS accounts, including all S3 data buckets, all application logs, all databases, all user database credentials, and secrets required to forge single sign-on (SSO) cookies.
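Added example, not code from the thread or from Ubiquiti: a minimal HMAC-signed SSO cookie verifier whose key ring is indexed by key id, so that rotating and retiring the signing key after a compromise makes every cookie minted under the old key (legitimately or with the stolen secret) fail verification. Key ids, key bytes and the cookie layout are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed demo key ring (no real key material). "retired" holds key ids that
# must never verify again, e.g. a key whose secret was exposed in a breach.
KEYRING = {"k1": b"demo-signing-key-1"}
STATE = {"active": "k1", "retired": set()}

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_cookie(user, now, kid=None):
    """Sign an SSO cookie; the signing key id travels inside the signed payload."""
    kid = kid or STATE["active"]
    payload = json.dumps({"sub": user, "exp": now + 3600, "kid": kid},
                         separators=(",", ":")).encode()
    sig = hmac.new(KEYRING[kid], payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(sig)

def verify_cookie(cookie, now):
    """Return the subject if the cookie verifies under a live key, else None."""
    try:
        p64, s64 = cookie.split(".")
        payload, sig = _unb64(p64), _unb64(s64)
        claims = json.loads(payload)
    except (ValueError, TypeError):
        return None
    if not isinstance(claims, dict):
        return None
    kid = claims.get("kid")  # only used as a lookup into our own fixed ring
    if kid not in KEYRING or kid in STATE["retired"]:
        return None  # unknown or retired key: reject before checking the MAC
    expected = hmac.new(KEYRING[kid], payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return None
    if claims.get("exp", 0) <= now:
        return None
    return claims.get("sub")

def rotate_after_compromise(new_kid):
    """Retire the current key and sign with a fresh random key from now on."""
    STATE["retired"].add(STATE["active"])
    KEYRING[new_kid] = secrets.token_bytes(32)
    STATE["active"] = new_kid
```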