borari
Cybersecurity professional with an interest/background in networking. Beginning to delve into binary exploitation and reverse engineering.
- 0 Posts
- 17 Comments
104·2 months agoIf you really regularly disclosed vulnerabilities you’d know that for entities that don’t have vulnerability disclosure programs you can always report through CISA or ENISA.
4·3 months agoDamn. You’ve given me a vision of a future where people call applications that are installed locally and don’t leverage any cloud/server backend for any functionality “self-hosted” programs and I hate it.
It is pretty easy. There’s tons of tutorials and walkthroughs for doing it, but anyone familiar with UIs will be able to work it out pretty quickly I think. Maybe a friction point in using the filter query, but again there’s tons of walkthroughs and guides for using it online.
If you can’t conceptualize a packet, or sockets, or network flows, even with the help of online guides/manuals, I guess it wouldn’t be easy. In that case I’d be wondering why someone would want to use those tools in the first place though, as then they probably wouldn’t have the skills necessary to leverage the information gleaned from the tool in any useful way.
Edit - As we’re in the self-hosted community, I’d argue that anyone who is self-hosting anything would probably be able to easily install wireshark and view http requests, both individual packets and the stream as a whole.
My dude. You are not a serious person. I’m blocking you so I don’t waste my time with you in the future. Enjoy your life I guess.
Wow you found three different articles, all about the same CVE, that the manufacture published a firmware patch for before any public disclosure was made. That’s definitely just as bad as pretending you don’t know about CVEs in your products lol.
You presented one that doesn’t have security vulnerabilities? Here’s yet another CVE out for trendnet: https://nvd.nist.gov/vuln/detail/CVE-2018-19239
Every. Single. Brand. Has. CVEs. I’ve used Mikrotik, I’ve used Cisco, I’ve used Juniper, I’ve used Ubiquiti. I have a trendnet Poe switch in my attic powering some cameras and an AP right now. I have no “problem” with any brand of anything.
I do have a problem with you implying that a company doesn’t take security seriously when they do. I start to think you’re intentionally lying when you lift up trendnet as the model, because they have quite an especially atrocious history of it.
https://www.rapid7.com/db/modules/exploit/linux/misc/cisco_ios_xe_rce/
We can go back and forth on RCEs literally all day. If your bar for using a product is “no RCEs”, get off the grid entirely my guy.
MikroTik is just as serious a network company as Cisco or Juniper, and vastly more serious from an enterprise networking point of view than trendnet.
Also where tf did OP mention anything about warranties?
Edit - https://medium.com/tenable-techblog/trendnet-ac2600-rce-via-wan-8926b29908a4
Edit - https://www.archcloudlabs.com/projects/trendnet-731br/
Edit - lol holy shit look how customer focused trendnet is! They just plugged their ears and pretended an unauthenticated RCE in their product didn’t exist haha. https://arstechnica.com/information-technology/2015/04/no-patch-for-remote-code-execution-bug-in-d-link-and-trendnet-routers/
Edit - oof yikes look there’s more. https://www.nccgroup.com/us/research-blog/technical-advisory-multiple-vulnerabilities-in-trendnet-tew-831dr-wifi-router-cve-2022-30325-cve-2022-30326-cve-2022-30327-cve-2022-30328-cve-2022-30329/
deleted by creator
deleted by creator
deleted by creator
You are a foolish person.
Yeah I’ve worked at WISPs that were pushing TBs through their core routers every day. Those core routers? Mikrotiks. Every apartment buildings core routers and fiber aggregation switches? Mikrotiks. You had to get down to the access layer switches that fed the individual apartments to hit Cisco equipment.
This person is just repeating some shit they read somewhere, hoping it makes them sound knowledgeable. In another post they’re recommending trendnet shit. Get back to me when you can set up BGP peering on your trendnet lol.
The illegal goods on telegram aren’t piracy related.
It’s obnoxious, especially when it’s a three word post. Also, that exact same user has replies to people on Mastadon instances themselves where they didn’t tag when replying, so idk about that just being how it is. Seems like some arbitrary bullshit that could just stop.
You can just reply, what’s the point in tagging them?
I’m just basing on the fact that two identical OLED panels, one in a 32” LG monitor without the app features and the other in a 55” LG Television with the app features, are about equivalently priced. I could be totally wrong though idk. It quacks like a duck getting fucked ¯\(ツ)/¯
Exactly this.
@uranibaba@lemmy.world, I self host my media server, my *aars, my Usenet client, Home Assistant, dns server, and have some loud af r710s for standing up test AD and simulated network environments. My website is hosted on Google Cloud, moved from AWS bc free tier ran out and g cloud is like $0.42 a month. It’s just whatever makes sense for the thing being hosted.