this post was submitted on 04 Jan 2025
116 points (100.0% liked)

Cybersecurity - Memes


Only the hottest memes in Cybersecurity

founded 2 years ago
submitted 3 weeks ago* (last edited 3 weeks ago) by [email protected] to c/cybersecuritymemes
 

Fortinet, Palo, Checkpoint, Cisco, Sonicwall ... is there any big firewall vendor that didn't have any critical vulnerabilities last year?

top 17 comments
[–] [email protected] 31 points 3 weeks ago (3 children)

Obsolete binaries not updated for years, hardcoded secrets… this is what you get in firewalls like any other piece of black box equipment.

[–] [email protected] 21 points 3 weeks ago (1 children)

Security by obscurity may work in delaying exploits, but once someone breaks the obscurity, they have a head start on exploiting it over those hoping to fix it.

[–] [email protected] 15 points 3 weeks ago (1 children)

Security by old software, or as I call it: the Ivanti approach

[–] [email protected] 11 points 3 weeks ago

That makes me nervous, but I'm not allowed to tell you why

[–] [email protected] 7 points 3 weeks ago (1 children)

And every service runs as root. This enables the CRL webserver to download /etc/shadow ...

[–] [email protected] 5 points 3 weeks ago

Or user sessions persist on the filesystem, so a glitch on the captive portal’s web server allows you to get the clear-text username and password for currently connected VPN sessions …

[–] [email protected] 6 points 3 weeks ago

Yep. Closed source is for the software that no one would ever buy if they could read it.

[–] kolorafa 15 points 3 weeks ago (4 children)
[–] [email protected] 5 points 3 weeks ago

sounds correct

[–] [email protected] 4 points 3 weeks ago (1 children)

pfSense technically shared the SSH server one, I thought

[–] deltapi 1 points 3 weeks ago (1 children)

The last time I installed pfSense, SSH was disabled by default.

[–] [email protected] 3 points 3 weeks ago

It is, but it's also the first thing I turn on when I install a new one.

[–] [email protected] 2 points 3 weeks ago

Makes me glad I went with MikroTik for my home network.

[–] CodeHead 2 points 3 weeks ago
[–] slazer2au 5 points 3 weeks ago

No. And if there are any that say they didn't, I don't believe them.

[–] [email protected] 2 points 3 weeks ago (1 children)

Did nftables or eBPF have any critical zero-days last year?

[–] [email protected] 4 points 3 weeks ago

AFAIK not. This meme is targeted at commercial firewall appliances, which often have VPN/IPS/authentication and many other features that are exploited regularly.