Thursday, August 23
Daily News Stuff 23 August 2018
pengi da
Non-Tech News
- Bunch of stuff happened.
Tech News
- There's a vulnerability in OpenSSH, which is used on, basically, every server in the world and most networking equipment. (Bleeping Computer)
It lets you check if a user name exists on the server.
That's it.
It's been fixed.
- Just in case you were wondering why no-one listens to "experts" any more. (Axios)
- The return of 24 cores and I can't type an email.
Yeah. Try rendering SVG to transparent PNGs some time.
Social Media News
- Everything is stupid.
Picture of the Day
Video of the Day
Posted by: Pixy Misa at
04:22 PM
| Comments (2)
| Add Comment
| Trackbacks (Suck)
Post contains 102 words, total size 2 kb.
1
I love the suggested mitigation for the OpenSSH bug: disable public keys and go back to typing passwords. Yeah, that'll work, thanks.
Besides, everyone already knows your username is either "root" or "ec2-user", so what's the big deal? :-)
-j
Besides, everyone already knows your username is either "root" or "ec2-user", so what's the big deal? :-)
-j
Posted by: J Greely at Friday, August 24 2018 01:40 AM (tgyIO)
2
Yep, pretty much. I mean, yes, best practice is you don't distinguish between an unknown user and a bad password, or even leak it via timing, but this is relatively minor. Particularly compared with something like L1TF that can compromise other virtual machines running on the same server without even generating a log entry to let you know something is happening.
Posted by: Pixy Misa at Friday, August 24 2018 12:18 PM (PiXy!)
49kb generated in CPU 0.0276, elapsed 0.1562 seconds.
58 queries taking 0.1376 seconds, 346 records returned.
Powered by Minx 1.1.6c-pink.
58 queries taking 0.1376 seconds, 346 records returned.
Powered by Minx 1.1.6c-pink.