Jack Rhysider
Podcast Appearances
Geez, that's another thing that's wild to me.
The fact that you can take over someone else's domain if you can prove that you're the one who's the rightful owner of it or should be owning it.
But they gave enough reasons to the courts, who then demanded that the domain registrar give Sophos control of the hackers' malicious domains.
You're just like, hey, we make this product.
You can't just call up the Dutch police and say, go get that server, we need it.
At the same time, they got control of the domains used by the hackers and sent all the traffic they were getting to a sinkhole and logged it all.
I couldn't find a single article by Linksys mentioning any of this.
Netgear put out an advisory saying a Chinese threat actor is attacking their products.
However, they say they are not aware of any Netgear devices being exploited out in the wild.
Which if they don't have any telemetry from their customers' products, then yeah, of course they're not going to know if any devices are being exploited.
And that's what's challenging me here.
Should the firewall vendor be collecting logs off its customers' devices in order to better understand what devices are actively being exploited?
Or should that be the responsibility of the customer?
In many organizations, they have their own security logs and even a team to monitor those logs to look for threats.
But things like Netgear and Linksys are typically home devices, and it's very rare for people in their own homes to be monitoring their logs looking for threats.