Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • World
  • Users
  • Groups
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

agnos.is Forums
  1. Home
  2. Uncategorized
  3. OpenSSH vulnerabilities could pose huge threat to businesses everywhere

OpenSSH vulnerabilities could pose huge threat to businesses everywhere

Scheduled Pinned Locked Moved Uncategorized
5 Posts 5 Posters 0 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • G This user is from outside of this forum
    G This user is from outside of this forum
    [email protected]
    wrote last edited by
    #1

    Subtitle: Qualys finds two worrying bugs in OpenSSH

    When I checked my personal rigs Debian had already released the patches and my home server had already auto updated itself.

    demesisx@infosec.pubD P K 3 Replies Last reply
    1
    0
    • technology@lemmy.worldT [email protected] shared this topic
    • demesisx@infosec.pubD This user is from outside of this forum
      demesisx@infosec.pubD This user is from outside of this forum
      [email protected]
      replied to Guest last edited by
      #2

      Hot take: Might be wise to adopt the security by obscurity model and go with an OS that is hardened (ideally, a formally verified microkernel like sel4) or runs in a custom VM/container with almost zero attack surface area.

      1 Reply Last reply
      0
      • P This user is from outside of this forum
        P This user is from outside of this forum
        [email protected]
        replied to Guest last edited by
        #3

        The single biggest attack vector for SSH is IPv4. Disable it and 99% of issues go away.

        P 1 Reply Last reply
        0
        • K This user is from outside of this forum
          K This user is from outside of this forum
          [email protected]
          replied to Guest last edited by
          #4

          Soo, the point is to not enable features that undermine security, like using an FQDN as a key (or source of a key) and to enable features that reduce DoS, like a connection timeout. Does not sound like bugs, just like missing default options.

          It's still important to not use the affecting options.

          1 Reply Last reply
          0
          • P This user is from outside of this forum
            P This user is from outside of this forum
            [email protected]
            replied to Guest last edited by
            #5

            If my isp would support ipv6, that would be great!

            1 Reply Last reply
            0

            • Login
            • Login or register to search.
            • First post
              Last post
            0
            • Categories
            • Recent
            • Tags
            • Popular
            • World
            • Users
            • Groups