Im Juli sorgten zwei #SSH CVEs für Aufsehen. #SUSE Manager 5.0 und Leap Micro 6.0 sind erschienen und #CentOS 7 wurde eingestellt. Weitere Backup-Provider wollen #Proxmox unterstützen. #Firefox 128 verärgert mit PPA, das openSUSE-Projekt diskutiert lebhaft ein Rebranding. Canonical will Docker-Container zukünftig bis zu 12 Jahre unterstützen, während #FreeBSD den Supportzyklus verkürzt.

https://focusonlinux.podigee.io/112-newsupdate-0724-ssh-cves-suse-manager-50-firefox-ppa-canonical-docker-container-lts-nvidia-open-source-treiber

RCE in OpenSSH when compiling with GNU libc

https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server

As noted by Qualys

> OpenBSD systems are unaffected by this bug, as OpenBSD developed a secure mechanism in 2001 that prevents this vulnerability.

Other BSD and musl based Linux (alpine, void) should be unaffected as well.

OpenSSH introduces options to penalize undesirable behavior https://www.undeadly.org/cgi?action=article;sid=20240607042157 #openbsd #openssh #ssh #persourcepenalties #security #adaptivepenalty #secureshell

Hey! Let's talk about #SSH and #security!

If you've ever looked at SSH server logs you know what I'm about to say: Any SSH server connected to the public Internet is getting bombarded by constant attempts to log in. Not just a few of them. A *lot* of them. Sometimes even dozens per second. And this problem is not going away; it is, in fact, getting worse. And attackers' behavior is changing.

The graph attached to this post shows the number of attempted SSH logins per day to one of @cloudlab s clusters over a four-year period. It peaks at about 3.4 million login attempts per day.

This is part of a study we did on our production system, using logs of more than 640 million login attempts, covering more than 1,500 hosts on our side and observing more than 840 thousand incoming IP addresses.

A paper presenting our analysis and a new, highly effective means to block SSH brute force attacks ("Where The Wild Things Are: Brute-Force SSH Attacks In The Wild And How To Stop Them") will be presented next week at #NSDI24 by @sachindhke . The full paper is at https://www.flux.utah.edu/paper/singh-nsdi24

Let's dive in.

Wir sind dieses Wochenende nur durch unglaubliches Glück und extrem knapp an wohl einer der grössten Katastrophen rund um die globale IT-Sicherheit vorbeigeschrammt.

Phuh! Doch — was ist eigentlich passiert? Wie konnte das überhaupt geschehen? Und was können (und müssen) wir tun, um dies zukünftig zu vermeiden?

Und: Danke an die ganzen IT-Helden, die dies an diesem langen Wochenende für uns getan haben.
#xz #lzma #ssh
https://dnip.ch/2024/04/02/xz-open-source-ostern-welt-retten/

Latest issue of my curated #cybersecurity and #infosec list of resources for week #04/2024 is out! It includes the following and much more:

➝ #23andMe admits it didn’t detect #cyberattacks for months
➝ #Trello API abused to link email addresses to 15 million accounts
➝ #LoanDepot Breach: 16.6 Million People Impacted
➝ #Microsoft network breached through password-spraying by Russian-state hackers
➝ Russian #TrickBot Mastermind Gets 5-Year Prison Sentence for #Cybercrime Spree
➝ #HPE says it was hacked by Russian group behind Microsoft email #breach
➝ Russian Hackers Suspected of #Sweden Cyberattack
➝ Aviation Leasing Giant #AerCap Hit by #Ransomware Attack
➝ #SEC blames sim-swapping, lack of MFA for X account hijacking
➝ Chinese Hackers Silently Weaponized #VMware Zero-Day Flaw for 2 Years
➝ Ring Will No Longer Allow Police to Request Doorbell Camera Footage From Users
➝ French regulator fines #Amazon $35 million over its surveillance system of warehouse workers
➝ #France Fines #Yahoo 10 Mn Euros Over Cookie Abuses
➝ Cracked #macOS apps drain wallets using scripts fetched from DNS records
➝ Malicious #NPM Packages Exfiltrate Hundreds of Developer #SSH Keys via #GitHub
➝ NS-STEALER Uses Discord Bots to Exfiltrate Your #Secrets from Popular Browsers
➝ X adds #passkeys support for #iOS users in the United States
➝ Critical #Jenkins Vulnerability Exposes Servers to RCE Attacks - #Patch ASAP!
➝ AI will increase the number and impact of cyber attacks, intel officers say
➝ Exploit released for Fortra #GoAnywhere MFT auth bypass bug
➝ ️ #Pwn2Own Automotive: Hackers Earn Over $700k for #Tesla, EV Charger, Infotainment Exploits
➝ Mass exploitation of #Ivanti VPNs is infecting networks around the globe
➝ Apple Issues #Patch for Critical Zero-Day in #iPhones, Macs - Update Now

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end

https://infosec-mashup.santolaria.net/p/infosec-mashup-week-042024

We have just issued the first #release of #sshd-openpgp-auth and #ssh-openpgp-auth.

Using this server and client-side tooling it is possible to manage the #authentication of #SSH host keys with the help of an #OpenPGP certificate as trust anchor.

https://crates.io/crates/sshd-openpgp-auth

https://crates.io/crates/ssh-openpgp-auth

Many thanks to @wiktor for the great collaboration and #NLnet / #NGIAssure for funding this work!

これ覚えておきたい。

新幹線でもQUICで快適にSSHする #SSH - Qiita https://qiita.com/tksst/items/68e8f802822913025286

新幹線でもQUICで快適にSSHする #SSH - Qiita https://qiita.com/tksst/items/68e8f802822913025286

はえわっちゃあ

CC @ubernauten

Meine (nicht-öffentliche) Nextcloud und bald bestimmt mehr ist auf (A)steroiden, cause proudly hosted by uberspace.de. (Steroide sind natürlich nur für Maschinen OK, und auch nur so lange, wie sie sich nicht gewerkschaftlich organisieren, wie bei Stanislav Lem.)

Außerdem nutze ich @Codeberg,@cryptpad,@duckduckgo, @mxlinux,@keepassxc,#vnc+#ssh,@git,#gittfs,#gitcrypt,@libreoffice,@thunderbird,#chromiumungoogled*#chrlauncher,@fdroidorg,@libretube,@AntennaPod,#opencamera,@anysoftkeyboard,#quickdic,#transportr,@torproject,@signalapp,#jitsi,@Tusky,#mgit,#markor,#PilfershushJammer,#fosswarn,#vlc,#doublecmd,#powershell,#autohotkey,#xca,#openssl,#zapp,@privacybrowser,#UntrackMe,@veracrypt,#AuthPass,@newpipe,#radiodroid,#edslite,#SecScanQR,#sqlitedbbrowser,#avnc,@k9mail,u.V.m., überhaupt privat fast nur und im Job so viel wie geht #floss , im Netz und lokal.

–––

Warum FLOSS? U.A. deshalb:

KI – Macht – Ungleichheit. https://media.ccc.de/v/ce4743cc-50ad-4597-bcc8-58e1a7e53c20

OpenSSH 9.5 released https://undeadly.org/cgi?action=article;sid=20231004154107 #openbsd #openssh #ssh #networking #security #freesoftware

Saturday evening fun updating #IETF document describing popular #SSH key exchange method. What do you think? Feedback welcome.
https://datatracker.ietf.org/doc/html/draft-josefsson-ntruprime-ssh-01

We are happy to announce our partnership with the SDF Computer Museum providing access to PDP-10s through

https://twenex.org

「新しい OpenSSH の脆弱性により Linux システムがリモート コマンド インジェクションにさらされる 」： The Hacker News

「この脆弱性により、リモートの攻撃者が脆弱な OpenSSH の転送された #ssh エージェント上で任意のコマンドを実行する可能性があります」
https://thehackernews.com/2023/07/new-openssh-vulnerability-exposes-linux.html

#Ubuntu 22.04.2 の最新版では、 #openssh は version 8.9p1-3 ですが、この #脆弱性 については既に #パッチ が当たっています。