back to article FortiGate config leaks: Victims' email addresses published online

Thousands of email addresses included in the Belsen Group's dump of FortiGate configs last week are now available online, revealing which organizations may have been impacted by the 2022 zero-day exploits. Infosec expert Kevin Beaumont uploaded the IP and email addresses associated with the leaked FortiGate configs to GitHub, …

  1. cyberdemon Silver badge
    Unhappy

    bletchleypark.org.uk on the list

    Oh dear, how standards have slipped!

    1. Anonymous Coward
      Anonymous Coward

      Re: bletchleypark.org.uk on the list

      or remain the same - microsoftsupport.com

  2. IGotOut Silver badge

    Another bullshit company statement

    "We continue to strongly recommend that organizations take the recommended actions, if they have not already, to improve their security posture."

    Great victim blaming.

    Heres a thought.

    If YOU hadn't fucked up, they shouldn't have to worry as much.

    Here's an idea, offer free support to those companies you failed, in order to counteract your incompetence, after all, you are supposed to be the security company, not them

    1. Anonymous Coward
      Anonymous Coward

      Re: Another bullshit company statement

      If you didn't change your passwords and keys, and didn't replace your certificates (including the CA if your forti-open-gate is a CA) in 2022, then the blame lies soley on you.

      1. Dimmer Silver badge

        Re: Another bullshit company statement

        AC,

        If I DECIDE to store my configs in the cloud, I will take part of the blame.

        If my device by default stores it in the cloud - it is %100 theirs

    2. Missing Semicolon Silver badge
      FAIL

      Re: Another bullshit company statement

      "We continue to strongly recommend that organizations take the recommended actions, if they have not already, to improve their security posture."

      "We did - we bought one of your firewalls!"

  3. cookiecutter

    Can't see anyone taking it seriously

    Since the numbers consistently show that of organisations that have ALREADY been compromised less than 20% of them actually improve their security spend or increase staff training etc....

    I can't really see anyone taking this too seriously and it's a good bet that 80% of those credentials are still in place.

    2 things need to happen...software / hardware vendors need to become legally liable for bugs. The whole "all software has bugs" tech industry crap is mental..no one else would get away with it

    Board level needs to be legally liable. There's too much kicking the can down the road. CEOs who are basically just hoping that if nothing breaks in the 2-3 years they are there, the outsourcing & offshoring won't come back to bite them before they get their millions and leave. Make the BOARD liable, regardless of whether it was a vendor or MSP or consultancy....no more "shifting risk"

    Watch IT wages & staffing numbers go up & non IT staff training improve too

  4. teebie

    "If your organization has consistently adhered to routine best practices [...]," said the vendor.

    Should that be

    "If, unlike us, your organization has consistently adhered to routine best practices [...],"

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like