Jerry 🦙💝🦙

A quick reminder that you really need to have your fortinet firewalls behind a firewall

https://thehackernews.com/2026/03/fortigate-devices-exploited-to-breach.html?m=1

FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials

Attackers exploit FortiGate vulnerabilities to steal LDAP credentials and breach networks, enabling AD access and malware deployment.

The Hacker News
Mar 10 at 10:20pmWeb
Show threadVissMar 10
@jerry spectacular. no notes
Show threadJohn TimaeusMar 11

@Viss @jerry

I've been going to lots of .mil tech conferences lately. There's always a fortinet booth and an ivanti booth. I don't think I've seen anyone actually go to those booths.

Show threadJohnleyMar 10
@jerry meanwhile I’m at fortinet accelerate this week…
Show threadJohnleyMar 10

@jerry following up on the “firewall in front of your fortigate” that’s called local in policies and the authorized hosts list.

But dogshit fly by night MSPs have never heard of that or VPNs, so they just open up the management interface(s) to the internet, slap a “all to internet” firewall policy in there with no inspection and sell it to an unsuspecting accounting firm for hundreds of dollars a month, then call themselves an MSSP.

Show threadIchinin   âś…🎯🙄Mar 10
@jerry Apparently Fortinet is built upon Linux so...apt-get install iptables ?
Show threadSamantaz FoxMar 10
@jerry Maybe we should ask them to reconsider the industry they're working in. At this point, they should open a swiss cheese factory, they'd do great!
Show threadBaloo UrizaMar 11

@SamantazFox Clownflare suddenly considers buying cows...

@jerry

Show threadGlitchyXPMar 11
@jerry https://tvtropes.org/pmwiki/pmwiki.php/Main/WhoWatchesTheWatchmen
Who Watches the Watchmen? - TV Tropes

Who watches the watchmen? is a popular translation of Quis custodiet ipsos custodes?, from the writings of Juvenal, and which may be more literally translated as Who will guard the guards themselves?. It was quoted as an epigraph in the Tower …

TV Tropes
Show threadCarlos SolĂ­sMar 11
Ah yes, good ol' FortiVulnsPerWeek
Show threadCarlos SolĂ­sMar 11
Or as the Slavic sphere would call them, Forti-НЕТ
Show threadSysAdminInHellMar 11
@jerry Isn't it like that with Chrome 0-days every other week?
Show threadAndrew GoldingMar 11
@jerry genuinely considered purchasing a used gateway appliance just to get a picture of it plugged into itself, but people still want significant sums of money for them.
Show threadTim LavoieMar 11
@huronbikes @jerry Would a Fortigate 100D suffice? Mine (got as a free toy with a year's support) has been idle for a few years now.
Other than shipping, it's free.
Show threadAndrew GoldingMar 11
@tim_lavoie @jerry If shipping to Chicago is less than my weekly dozen wings ($25) then yeah, I think I could spend that much towards a possible shitpost.
Show threadTim LavoieMar 11

@huronbikes @jerry Sadly, don't think so (especially international).

Hopefully you can find a local doorstop though.

Show threadAndrew GoldingMar 11
@tim_lavoie @jerry UPS ground says about 33 from Toronto to here (using Toronto as an example source, no idea where you are though I am guessing Canada based on the .ca?) to which I say "I've spent 33 ameros on dumber"
Show threadTim LavoieMar 11
@huronbikes @jerry Less than I expected, to be honest!
I'm way out on the Canadian left coast, not sure how much that matters.
If you're serious, I'll look around for a suitable box, how to factory reset etc.
Show threadkaasweMar 11

@jerry
This is not the first ….. tenth, eleventh major CVE or breach by Fortinet, still companies are buying and putting them as a perimeter Firewall.

I cannot understand how that risk assessment process looks like ???

If price is that important for you and not to secure, why do you even spend money in the first place and not just use a CentOS server with iptables.

Mind blowing