Re: Either way, this is an indictment of Ubiquiti
Customers (and Ubiquiti, for that matter) had no way of knowing the difference and had to react accordingly. "No significant damage was done" only if you assume this costs nothing.
We must deal with information that we are given. We then evaluate the credibility vs. the costs / benefits of reacting. In this case, the most reasonable response was to react as if the information was true.
The problem is that Ubiquiti made themselves custodians of data whose security was absolutely vital and wound up in a position (due to decisions they made) where they could not determine the security of that data.
In fairness, this is an extremely difficult problem to tackle well. But if a company is making that commitment on a large scale, then they need to be able to deliver on that commitment. Ubiquiti failed catestrophically.
Biting the hand that feeds IT
