OpenSSH vulnerabilities could pose huge threat to businesses everywhere (www.techradar.com)
from gerowen@lemmy.world to technology@lemmy.world on 18 Feb 19:54
https://lemmy.world/post/25754749

Subtitle: Qualys finds two worrying bugs in OpenSSH

When I checked my personal rigs, Debian had already released the patches and my home server had already auto-updated itself.

#technology


demesisx@infosec.pub on 19 Feb 01:59

Hot take: Might be wise to adopt the security by obscurity model and go with an OS that is hardened (ideally, a formally verified microkernel like seL4) or runs in a custom VM/container with almost zero attack surface area.

pHr34kY@lemmy.world on 19 Feb 06:59

The single biggest attack vector for SSH is IPv4. Disable it and 99% of issues go away.

purplemonkeymad@programming.dev on 19 Feb 11:48

If my ISP would support IPv6, that would be great!

KomfortablesKissen@discuss.tchncs.de on 19 Feb 07:15

Soo, the point is to not enable features that undermine security, like using an FQDN as a key (or source of a key) and to enable features that reduce DoS, like a connection timeout. Does not sound like bugs, just like missing default options.

It’s still important to not use the affecting options.