Network Engineer, security enthusiast. Recovering from a short and terrible MSP experience.

It’s perpetually exhausting reading about another “fortinet breach” when it’s always just poor maintenance and poor hygiene. The actual products are solid. If you configure them like a glass house, people are gonna throw rocks.

Is this how Subaru owners feel?

@cR0w I, infosec’s only fortinet enjoyer, can’t even defend this one.

I’ve yet to decompile the hotfix, but the fact that they didn’t at least update the installer in the support portal means it’s trivially easy to find what they fixed.

The shell script strips out a bunch of headers from their Apache config. Headers that made no sense being permitted there.

All this while just last month they’re gloating about how they’re using AI in support functions and in writing code at Accelerate in Vegas.

@GossiTheDog my org broke access to the windows store, so I never got the notepad update with copilot, I only ever got the tabs/“keep your tabs when it closes without saving” features which are fantastic.

Thank god vulnerability management isn’t my job.

@Viss can I offer you a

@jerry following up on the “firewall in front of your fortigate”, that’s called local-in policies and the authorized hosts list.

But dogshit fly-by-night MSPs have never heard of that or VPNs, so they just open up the management interface(s) to the internet, slap an “all to internet” firewall policy in there with no inspection and sell it to an unsuspecting accounting firm for hundreds of dollars a month, then call themselves an MSSP.

@jerry meanwhile I’m at fortinet accelerate this week…

Laughing my ass off as I just realized that I’ve been given a staff badge for the event I’m at.

This is an information security conference.

@rx13 @da_667 holy moly time to integrate this

@da_667 @derekheld yeah this product isn’t for me but there are lots of people still buying “the cheapest windows laptop” out there.