Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Categories
- 231.8K All Categories
- 22 >> Start Here <<
- 12 New Members
- 8 FAQs
- 83.3K Gear
- 37.9K Guitar
- 3.2K Acoustics
- 1.3K Bass
- 14.1K Amps
- 16.7K FX
- 157 Digital & Modelling
- 730 Other Instruments
- 7.9K Making & Modding
- 406 Gear Reviews
- 100 Guitar Reviews
- 72 Amp Reviews
- 119 FX Reviews
- 84 Other Reviews
- 734 Made in the UK
- 932 Theory
- 1.8K Technique
- 2K Live
- 3K Studio & Recording
- 2.1K Making Music
- 202 Events
- 15 Guitar Show 2018
- 762 Plug My Stuff
- 100.6K Classifieds
- 39.2K Guitars £
- 2.6K Acoustics £
- 132 LH Guitars £
- 836 Basses £
- 10K Parts £
- 17.6K Amps £
- 32.8K FX £
- 2.6K Studio & Rec £
- 5.8K Misc £
- 443 Personnel
- 52.7K Chat
- 35.3K Off Topic
- 987 Tributes
- 6.3K Music
In this Discussion
Become a Subscriber!
Subscribe to our Patreon, and get image uploads with no ads on the site!
Quad Cortex security vulnerability - possible data breach
PC_Dave
Frets: 3390
On Friday April 21st we were alerted to an unsuccessful login to the email account we use to collect reports and logs sent from Quad Cortex. This turned our attention to a security vulnerability on Quad Cortex that granted exploiters temporary access to the aforementioned email account.
This exploit was immediately fixed internally, meaning no further access is possible. However, this has resulted in Quad Cortex being unable to send new reports or logs until CorOS 2.0.2 has been installed.
We are beta testing CorOS 2.0.2 internally and intend to release it this week.
Unfortunately, due to the exploit, approximately 3300 names and email addresses were viewable by a small number of individuals who are attempting to expose security vulnerabilities on Quad Cortex. This does not mean the exploiters were able to log in to the email accounts - they could only see the names and email addresses in a list.
While the exploiters were able to access the inbox of the email account containing the reports and logs, they did not, to the best of our knowledge, exploit this breach with malicious intent to gain access to customer data.
Quad Cortex also records the names and passwords of all the WiFi networks it has connected to since the last factory reset. Unfortunately this data was not encrypted.
The WiFi passwords for any user who sent a crash log to us (after a system failure, not by sending a log via Settings > Contact Us > Send Report) were also accessible to the exploiters.
We identified approximately 430 users affected by this. This issue has been fixed in CorOS 2.0.2, and Quad Cortex will no longer record the passwords of WiFi networks in the crash logs.
No further personal information or sensitive data is collected by Quad Cortex and, therefore, nothing else has been exposed.
We have emailed the users who have been affected by this breach. If you have ever sent a Quad Cortex report or a crash log, the above applies to you. If you have not sent a Quad Cortex report or a crash log, your name, email address, or WiFi password has not been exposed.
I apologize deeply for this inconvenience and our oversight. We value our users’ privacy above anything else and we were devastated to learn of this vulnerability being exploited. We will be doing everything possible to deeply evaluate our systems and Quad Cortex to ensure nothing like this can happen again.
If you have any questions, please do not hesitate to contact support@neuraldsp.com
LOL 2
Wow! 0
Wisdom · Share on TwitterBase theme by DesignModo & ported to Powered by Vanilla by Chris Ireland, modified by the "theFB" team.
Comments
Means changing the password on router...then some 18 devices..
Maybe I should send a fucking bill for the hourly rate of my fkin time to them!
"If it smells like shit...It is probably shit"
Trading feedback here
that’s some serious data collection that’s totally unnecessary.