It's Wrong Not To Have An Update Up-To-Date Image On The Download Server

[abcuser2021]

It's wrong to put an outdated and vulnerabilities filled opnsense image file on the download page. The image file should be updated as frequently as possible (it should at least be updated on a weekly basis).

It took me just a few minutes to down the image file but an hour plus to update it to the latest version.  That one hour long update is enough for an attacker to break into my system. I installed the opnsense image and updated it to the latest version and setup everything nicely but the moment my raspberry pi (with fresh install OS) on the lan side went online, it got hacked and remotely turn off by the attacker. 

So you see, it's wrong not to patch the image file to the latest and equally wrong not to pack the latest ET rules into the image file.

[franco]

Sure, just make sure to fund the work hours required to vet images for publication.

You see, publishing images is not the same as making sure they work.


Cheers,
Franco

[chemlud]

...the moment my raspberry pi (with fresh install OS) on the lan side went online, it got hacked and remotely turn off by the attacker. 
...

So it was still user pi / password raspberry? No exposure to the WAN (open ports in OPNsense)?

No other LAN clients compromised?

[franco]

Wait what we are talking experimental ARM images? Hooray for open source

[chemlud]

Wait what we are talking experimental ARM images? Hooray for open source

I always thought that my English is not that bad, but sometimes I simply don't get it...

You mean something like this:

https://forum.opnsense.org/index.php?topic=12186.msg105654#msg105654

?

[franco]

Yes, experimental community work.


Cheers,
Franco

[chemlud]

ARM is the future! Go ahead ;-)

[lfirewall1243]

It's wrong to put an outdated and vulnerabilities filled opnsense image file on the download page. The image file should be updated as frequently as possible (it should at least be updated on a weekly basis).

It took me just a few minutes to down the image file but an hour plus to update it to the latest version.  That one hour long update is enough for an attacker to break into my system. I installed the opnsense image and updated it to the latest version and setup everything nicely but the moment my raspberry pi (with fresh install OS) on the lan side went online, it got hacked and remotely turn off by the attacker. 

So you see, it's wrong not to patch the image file to the latest and equally wrong not to pack the latest ET rules into the image file.

IDK what you have done -  but i don't think thats the fault of an OPNsense 21.1 System

[abcuser2021]

Sure, just make sure to fund the work hours required to vet images for publication.

You see, publishing images is not the same as making sure they work.


Cheers,
Franco

There's no need to update all mirrors site image files every week if there's no man power to do so but an up to date image that includes all security fixes should be made available to users on opensense website.

Wait what we are talking experimental ARM images? Hooray for open source

No, it's not ARM image. The raspberry pi is a client on lan network.

[franco]

There's still essential context missing from your request plus ambiguity regarding what an up to date image is? 6 months? More, less?


Cheers,
Franco

[abcuser2021]

...the moment my raspberry pi (with fresh install OS) on the lan side went online, it got hacked and remotely turn off by the attacker. 
...

So it was still user pi / password raspberry? No exposure to the WAN (open ports in OPNsense)?

No other LAN clients compromised?

No open ports on wan and pi password had been changed to a 16 characters password.
The crooked Telco staffs are part of the attackers. They have been attacking my pc, laptops and phones and turning off my devices is part of the their attack.

[abcuser2021]

There's still essential context missing from your request plus ambiguity regarding what an up to date image is? 6 months? More, less?


Cheers,
Franco

Whenever there's a base update or security fix, the image file should be updated and published on daily or weekly basis.

[lfirewall1243]

...the moment my raspberry pi (with fresh install OS) on the lan side went online, it got hacked and remotely turn off by the attacker. 
...

So it was still user pi / password raspberry? No exposure to the WAN (open ports in OPNsense)?

No other LAN clients compromised?

No open ports on wan and pi password had been changed to a 16 characters password.
The crooked Telco staffs are part of the attackers. They have been attacking my pc, laptops and phones and turning off my devices is part of the their attack.

There isn't such a security bleach that makes these attacks possible in 21.1

[chemlud]

...the moment my raspberry pi (with fresh install OS) on the lan side went online, it got hacked and remotely turn off by the attacker. 
...

So it was still user pi / password raspberry? No exposure to the WAN (open ports in OPNsense)?

No other LAN clients compromised?

No open ports on wan and pi password had been changed to a 16 characters password.
The crooked Telco staffs are part of the attackers. They have been attacking my pc, laptops and phones and turning off my devices is part of the their attack.

So basically "the Telco staff" is walking through (fire)walls? If your thread modell includes the NSA/GCHQ forget about anything to keep your privacy short of throwing all electronics into the trash.

Otherwise consult your doctor for adjustment of medications...

[allebone]

I love threads like this. They bring joy to my Fridays.