Dnext

anonymiss

November 1, 2024 12:23pm

#Tor is under #attack: https://delroth.net/posts/spoofed-mass-scan-abuse/

#ssh #spoofing #Problem #internet #hoster #news #network #abuse

Hackaday (unofficial)

September 5, 2024 12:00pm

Getting Root on Cheap WiFi Repeaters, the Long Way Around

#networkhacks #reverseengineering #curl #cve #linux #openwrt #rce #remotecodeexecution #ssh #uart #wifirepeater #hackaday
posted by pod_feeder_v2

Getting Root On Cheap WiFi Repeaters, The Long Way Around

What can you do with a cheap Linux machine with limited flash and only a single free GPIO line? Probably not much, but sometimes, just getting root to prove you can is the main goal of a project. I…

Rebeka Catalina

August 12, 2024 1:20pm

#FreeBSD #Security #vulnerability #ssh #OpenSSH

♲ Dervishe the Grey - 2024-08-12 07:26:44 GMT

🚨 Update your
freebsd machine asap
"The vulnerability poses a significant risk as it allows unauthenticated remote code execution, potentially leading to full system compromise. Attackers exploiting this flaw can gain root access, install backdoors, exfiltrate data, or deploy malware."
https://cybersecuritynews.com/openssh-vulnerability-freebsd/

Dervishe the Grey (@dervishe@mastodon.sdf.org)

4.62K Posts, 242 Following, 198 Followers · Entropy factor / Lurker at the threshold / ? = + Interest: bsd /linux /infosec /retrocomputing /spycraft /coldwarhist /carnivorous https://keybase.io/dervishe/pgp_keys.asc

Hackaday (unofficial)

July 5, 2024 3:00pm

This Week in Security: Hide Yo SSH, Polyfill, and Packing It Up

#hackadaycolumns #news #securityhacks #regresshion #ssh #thisweekinsecurity #hackaday
posted by pod_feeder_v2

This Week In Security: Hide Yo SSH, Polyfill, And Packing It Up

The big news this week was that OpenSSH has an unauthorized Remote Code Execution exploit. Or more precisely, it had one that was fixed in 2006, that was unintentionally re-introduced in version 8.…

Ferdinand Thommes

July 2, 2024 5:57am

RegreSSHion: Neue alte SSH-Sicherheitslücke

https://linuxnews.de/regresshion-neue-ssh-sicherheitsluecke/ #ssh #security

RegreSSHion: Neue alte SSH-Sicherheitslücke

Eine von Qualys entdeckte Sicherheitslücke im OpenSSH-Server mit einem CVSS-Score von 9 wurde geschlossen. Erfolgreiche Angreifer erhalten automatisch Root-Rechte.

Hackaday (unofficial)

May 17, 2024 3:00pm

This Week in Security: The Time Kernel.org Was Backdoored and Other Stories

#hackadaycolumns #news #securityhacks #ebury #ssh #thisweekinsecurity #hackaday
posted by pod_feeder_v2

Kurt Lupin

May 15, 2024 9:51am

falls jemand eine #fritzbox von #avm als #router hat:
ich bin heute morgen noch in die falls getappt mit #ssh.

https://www.heise.de/news/Schiedsverfahren-gewonnen-Domain-fritz-box-gehoert-nun-AVM-9717847.html

Schiedsverfahren gewonnen: Domain "fritz.box" gehört nun AVM

Schuld an der widerrechtlichen Registrierung trüge der Registrar, so die WIPO. Wer die Domain für sich registriert hatte, bleibt weiter unklar.

Hackaday (unofficial)

April 5, 2024 3:00pm

This Week in Security: XZ, ATT, and Letters of Marque

#hackadaycolumns #news #databreach #letterofmarque #ssh #thisweekinsecurity #xz #hackaday
posted by pod_feeder_v2

This Week In Security: XZ, ATT, And Letters Of Marque

The xz backdoor is naturally still the top story of the week. If you need a refresher, see our previous coverage. As expected, some very talented reverse engineers have gone to work on the code, an…

Hackaday (unofficial)

March 30, 2024 12:00am

Security Alert: Potential SSH Backdoor Via Liblzma

#news #securityhacks #backdoor #opensource #ssh #xz #hackaday
posted by pod_feeder_v2

Security Alert: Potential SSH Backdoor Via Liblzma

In breaking news that dropped just after our weekly security column went live, a backdoor has been discovered in the xz package, that could potentially compromise SSH logins on Linux systems. The m…

david Marec

March 29, 2024 9:55pm

Si vous avez un linux dans cette liste qui a mis à jour xz/liblzma récemment. Rétropédalez .

Surtout quand on découvre que;

openssh does not directly use liblzma. However debian and several other
distributions patch openssh to support systemd notification, and libsystemd
does depend on lzma.

#security #oss #linux #ssh

Hackaday (unofficial)

March 28, 2024 6:00am

Webserver Runs on Android Phone

#softwarehacks #android #apache #linux #phone #server #smartphone #ssh #termux #webserver #hackaday
posted by pod_feeder_v2

Webserver Runs On Android Phone

Android, the popular mobile phone OS, is essentially just Linux with a nice user interface layer covering it all up. In theory, it should be able to do anything a normal computer running Linux coul…

Hackaday (unofficial)

January 5, 2024 4:00pm

This Week in Security: Bitwarden, Reverse RDP, and Snake

#hackadaycolumns #news #securityhacks #mandiant #rdp #ssh #thisweekinsecurity #hackaday
posted by pod_feeder_v2

This Week In Security: Bitwarden, Reverse RDP, And Snake

This week, we finally get the inside scoops on some old stories, starting with the Bitwarden Windows Hello problem from last year. You may remember, Bitwarden has an option to use Windows Hello as …

Brad Koehn ☑️

January 4, 2024 8:47pm

TIL that you can sign #git commits with your #ssh key. Makes sense, since working #gpg is a #pita, and why create a second #PKI?

Script Kiddie

January 4, 2024 11:31am

They are sharing SSH CVE-2023-48795 (Terrapin attack) vulnerable instances found in their IPv4/IPv6 scans

Nearly 11M instances (by unique IP) found vulnerable (~52%).

Background on the #vulnerability: https://terrapin-attack.com

fedivers: https://infosec.exchange/@shadowserver/111691389140858555

#cve #network #internet #security #bug #cyberwar #software #terrapin #attack #danger #administration #update #patch #ssh

Hackaday (unofficial)

December 29, 2023 5:00pm

This Week in Security: Triangulation, ProxyCommand, and Barracuda

#hackadaycolumns #news #securityhacks #ssh #thisweekinsecurity #triangulation #hackaday
posted by pod_feeder_v2

This Week In Security: Triangulation, ProxyCommand, And Barracuda

It’s not every day we get to take a good look inside a high-level exploit chain developed by an unnamed APT from the western world. But thanks to some particularly dedicated researchers at Ka…

Kristian

December 21, 2023 7:22am

Also: At some point, "web development" was mostly about dynamically changing a couple of files using #vim through an #ssh connection to some remote machine. Not to say there's a reason to use newer tools, but quickly fixing minor glitches on a staging machine with an #angular app deployed is slightly more challenging...

david Marec

December 18, 2023 8:58pm

Une faille de sécurité a été trouvée dans le protocole SSH

#OpenSSH sort la 9.6 pour réduire l'ange d'attaque.

#FreeBSD devrait suivre.

#security #ssh #freebsd #openbsd

Hackaday (unofficial)

November 17, 2023 4:00pm

This Week in Security: SSH, FTP, and Reptar

#hackadaycolumns #news #securityhacks #ftp #rsa #ssh #hackaday
posted by pod_feeder_v2

This Week In Security: SSH, FTP, And Reptar

It’s time to strap on our propeller beanies, because we’re going to talk crypto. The short version is that some SSH handshakes can expose enough information for a third party to obtain …

Brad Koehn ☑️

November 13, 2023 1:38pm

https://arstechnica.com/?p=1983026

Ouch.

#secuity #ssh

In a first, cryptographic keys protecting SSH connections stolen in new attack

An error as small as a single flipped memory bit is all it takes to expose a private key.

utzer [Friendica]

August 16, 2023 5:41pm

Somehow the #rsync transfer is causing problems, when I use the preconfigured host from ssh config it will do this:

receiving incremental file list
delta-transmission enabled
~V escape not available to multiplexed sessions
unexpected tag 113 [receiver/inc]
rsync error: error in rsync protocol data stream (code 12) at io.c(1648) [receiver=3.2.3]
rsync: [generator] write error: Broken pipe (32)
rsync error: error in socket IO (code 10) at io.c(823) [generator=3.2.3]

#SSH config contains this:

        ServerAliveInterval 4
        ServerAliveCountMax 4
        ControlMaster auto
        ControlPath /tmp/ssh-%r@%h:%p
        ControlPersist 1
        ForwardAgent yes
        CanonicalizeHostname yes

host entry in ssh config is this:

Host name
        Hostname example.org
        User username
        Compression no
        RequestTTY force
        DynamicForward 7074

Is the problem the "RequestTTY force" or something else?

#debian #linux

0 Persons are tagged with #ssh

#ssh

RegreSSHion: Neue alte SSH-Sicherheitslücke

They are sharing SSH CVE-2023-48795 (Terrapin attack) vulnerable instances found in their IPv4/IPv6 scans