@scottalanmiller said in Zyxel backdoor found:

@jt1001001 said in Zyxel backdoor found:

Number of their products are OEM to isp and other manufacturers. We have a DSL backup circuit using an ORM Zyxel router. Will be disconnected on Monday as we don't need it

That's because DSL stands for Don't need that Shit any Longer.

I'm using DSL right now, but we're right next to the COLAC, so we actually see 80mbps/20mbps. Our only other option is a cable company that would cost 3x more due to such low caps (Armstrong).

@Dashrender said in Why, in 2018, is Microsoft adding security questions to Windows 10?:

@JaredBusch said in Why, in 2018, is Microsoft adding security questions to Windows 10?:

@Dashrender said in Why, in 2018, is Microsoft adding security questions to Windows 10?:

@scottalanmiller said in Why, in 2018, is Microsoft adding security questions to Windows 10?:

@Dashrender said in Why, in 2018, is Microsoft adding security questions to Windows 10?:

@JaredBusch said in Why, in 2018, is Microsoft adding security questions to Windows 10?:

@scottalanmiller said in Why, in 2018, is Microsoft adding security questions to Windows 10?:

@JaredBusch said in Why, in 2018, is Microsoft adding security questions to Windows 10?:

@scottalanmiller said in Why, in 2018, is Microsoft adding security questions to Windows 10?:

@Obsolesce said in Why, in 2018, is Microsoft adding security questions to Windows 10?:

This only occurs, that I've seen, during OOBE when you set up the PC as a local, non-domain, non-Microsoft-Account, user.

Correct, as a standard local account. The "normal" way. Most people don't use AD, even in business this is dropping off quickly. And lots of people don't want to deal with those ridiculous MS accounts that they try to ram down everyone's throats. And who knows how secure those are, anyway.

That is not the normal way to set up windows anymore and has not been for quite a while. The normal way to set up windows is with a Microsoft account. In fact you have to click no to setting up a Microsoft account multiple times in order to set up a PC without a Microsoft account

That's what they promote, but I wonder how many people are actually doing that.

Probably most that don’t use AD. Of course some will not, but not many.

I tend to agree - most home users will use a MS account simply because it's what's presented. IT folks and some programmers might not, but I'm willing to bet it's way over half that do.

Have you seen a lot of home users doing this? I have not, of course my cross section is tiny. But of the ones I see that have zero tech skills, they all skip it because it is scary and confusing.

The option to skip it's obvious enough for most people I run into - they just do it, even if that means setting up a new account.

It is obvious? not really. And even if they see it and click on it, you have to refuse once or twice more.

Whoops - I meant - NOT super obvious... normal users will be guilted into using an MS account in most cases.

yeah the first two times it took me a moment to notice you could skip.

@scottalanmiller said in Security History: Barracuda Gear Is a Security Breach:

@bbigford said in Security History: Barracuda Gear Is a Security Breach:

@scottalanmiller said in Security History: Barracuda Gear Is a Security Breach:

@bbigford said in Security History: Barracuda Gear Is a Security Breach:

I also don't appreciate SonicWall's backdoor. I've gone through a few instances of over-the-air updates bricking appliances or causing crazy performance issues with constant CPU spiking.

I dislike all back doors. But is SonicWall's open to the public? Or is it at least just a back door for them? Still not good, but an order of magnitude or a few better.

Of course they'll say it's only open to them, but that's what Barracuda says too...

It's often pretty easy to test. At least for something in the degree of Barracuda's, it was WIDE open, no security whatsoever.

Not sure if it was only open to them in case of Sonicwall.

@dafyre said in WD My Cloud Backdoor:

@danp said in WD My Cloud Backdoor:

Just read elsewhere that this was resolved back in November with a fireware upgrade. Need to determine how to check if my device is vulnerable.

Resolved, or did they just change the username, lol.

Just like Lenovo, that'd be a little scary.