It's Wrong Not To Have An Update Up-To-Date Image On The Download Server

[abcuser2021]

There isn't such a security bleach that makes these attacks possible in 21.1

if you download the latest image now and install it on your system and than click on the "update" button, you would see a list of  vulnerabilities and those vulnerabilities are published publicly and any attacker can exploit those vulnerabilities to hack into your opnsense firewall while you are updating it and as I have said the update took more than an hour so......there's plenty of time for them to attack the opnsense firewall.

[abcuser2021]

...the moment my raspberry pi (with fresh install OS) on the lan side went online, it got hacked and remotely turn off by the attacker. 
...

So it was still user pi / password raspberry? No exposure to the WAN (open ports in OPNsense)?

No other LAN clients compromised?

No open ports on wan and pi password had been changed to a 16 characters password.
The crooked Telco staffs are part of the attackers. They have been attacking my pc, laptops and phones and turning off my devices is part of the their attack.

So basically "the Telco staff" is walking through (fire)walls? If your thread modell includes the NSA/GCHQ forget about anything to keep your privacy short of throwing all electronics into the trash.

Otherwise consult your doctor for adjustment of medications...

They walk thru firewall that has tons of vulnerabilities. In your world such thing is a fairy tale but in the world where I live the head of police force complaining top cops receiving bribes and every week on the news there were victims either lose all their hard earned saving or a huge chunk of it got stolen by scammer thru online banking scam.

The scammers know everything about their victims (their banking info,  online activities , names , family members etc).

But I guess it's hard to convince you and it's a waste of time to do so. 

[lfirewall1243]

There isn't such a security bleach that makes these attacks possible in 21.1

if you download the latest image now and install it on your system and than click on the "update" button, you would see a list of  vulnerabilities and those vulnerabilities are published publicly and any attacker can exploit those vulnerabilities to hack into your opnsense firewall while you are updating it and as I have said the update took more than an hour so......there's plenty of time for them to attack the opnsense firewall.

Than proofe that these vulnerabilities are the reason for it.
Because even if there's such a vulnerability the WAN is closed.
Believe me - it security is part of my job. What You are talking here is bullshit, wrong and just bashing

So don't talk bad about something without facts...

[Patrick M. Hausen]

Time to bring out the tinfoil hats - or better, close the thread, don't you think?

[chemlud]

My tinfoil hat is pretty big, but the problem is mostly on the LAN side, i.e. Windows...

[packet loss]

abcuser2021 sole purpose here is to spread misinformation with an attempt to discredit OPNsense.

Linux, OpenBSD, Windows and FreeBSD and others normally don't provide up to date downloads unless you download current snapshots or experimental builds. One must download the release version then install all the updates.

If you're getting hacked you have some serious problems not related to OPNsense.

[franco]

I don't see a reason here for discrediting. I asked for details twice but there aren't any. Not even sure which version we are talking about and if it was one that we published or not so from this perspective everything that needed to be done got done.  :)


Cheers,
Franco

[abcuser2021]

Than proofe that these vulnerabilities are the reason for it.
Because even if there's such a vulnerability the WAN is closed.
Believe me - it security is part of my job. What You are talking here is bullshit, wrong and just bashing

So don't talk bad about something without facts...

Ya right, I'm sure you got Phd. in IT security. WAN is closed all is safe???? Really?? You are working in IT security filed??
If WAN is closed all is safe then why the hell do we need IT security expert like you and why there's IPS/IDS etc at all?
for one, packet can't be altered to mess up your firewall?

I hope the company "hiring" you undestand what they are doing.

[abcuser2021]

abcuser2021 sole purpose here is to spread misinformation with an attempt to discredit OPNsense.

Linux, OpenBSD, Windows and FreeBSD and others normally don't provide up to date downloads unless you download current snapshots or experimental builds. One must download the release version then install all the updates.

If you're getting hacked you have some serious problems not related to OPNsense.

Most android phones don't get the latest security patch too, so does that mean it's ok?

[abcuser2021]

I don't see a reason here for discrediting. I asked for details twice but there aren't any. Not even sure which version we are talking about and if it was one that we published or not so from this perspective everything that needed to be done got done.  :)


Cheers,
Franco

I'm surprise, as a Admin you don't see that as a security risk and the necessity to highlight the problem to the dev team. 
It's silly to think that the firewall will not be attacked during updating.
As a security software, all security hole should be sealed.
An outdated image that filled with vulnerabilities and required an hour to update is a major security hole that need to be taken seriously.

[lfirewall1243]

Than proofe that these vulnerabilities are the reason for it.
Because even if there's such a vulnerability the WAN is closed.
Believe me - it security is part of my job. What You are talking here is bullshit, wrong and just bashing

So don't talk bad about something without facts...

Ya right, I'm sure you got Phd. in IT security. WAN is closed all is safe???? Really?? You are working in IT security filed??
If WAN is closed all is safe then why the hell do we need IT security expert like you and why there's IPS/IDS etc at all?
for one, packet can't be altered to mess up your firewall?

I hope the company "hiring" you undestand what they are doing.

I don't say everything is safe when wan is closed.

but most people are asking you to give us some facts about it - but no answer, so if you don't know how to use a computer, ask of help or stop it. But don't troll

But I think you're just trolling.

[abcuser2021]

Than proofe that these vulnerabilities are the reason for it.
Because even if there's such a vulnerability the WAN is closed.
Believe me - it security is part of my job. What You are talking here is bullshit, wrong and just bashing

So don't talk bad about something without facts...

Ya right, I'm sure you got Phd. in IT security. WAN is closed all is safe???? Really?? You are working in IT security filed??
If WAN is closed all is safe then why the hell do we need IT security expert like you and why there's IPS/IDS etc at all?
for one, packet can't be altered to mess up your firewall?

I hope the company "hiring" you undestand what they are doing.

I don't say everything is safe when wan is closed.

but most people are asking you to give us some facts about it - but no answer, so if you don't know how to use a computer, ask of help or stop it. But don't troll

But I think you're just trolling.
[/quote

It's not about proving and showing how the hacker exploit the vulnerability but recognising not making an updated image available could be a security risk for some users in some other country.

The point here is recognising that it is a security risk that need to be sealed off.

[franco]

Yawn, it's just continuous riffing on the same buzz words, but still nothing specific. ¯\_(ツ)_/¯


Cheers,
Franco

[abcuser2021]

Yawn, it's just continuous riffing on the same buzz words, but still nothing specific. ¯\_(ツ)_/¯


Cheers,
Franco

So... by pointing out - installing an outdated image that filled with security vulnerabilities and took more than an hour to update is a security risk - is not specific enough?

ok then you can close this thread now.

[lfirewall1243]

Yawn, it's just continuous riffing on the same buzz words, but still nothing specific. ¯\_(ツ)_/¯


Cheers,
Franco

So... by pointing out - installing an outdated image that filled with security vulnerabilities and took more than an hour to update is a security risk - is not specific enough?

ok then you can close this thread now.

No it's not [emoji2357]