Public
- Public
- Network
- Groups
- Popular
- People

Conversation

Notices

feld (feld@friedcheese.us)'s status on Saturday, 18-Jan-2025 13:34:33 JST feld

everyone is overreacting to CVEs like usual

if you're doing rsync over SSH, they'd have to have compromised the server key to not trigger the fingerprint/impersonation warning

If the server is compromised by an attacker, you have much larger problems.

Secure both ends. Use a secure network transport that can't be MITM'd. These problems don't matter then.

RT: https://mastodon.social/users/nixCraft/statuses/113833699519818054
In conversation about 7 hours ago from friedcheese.us permalink
Attachments
1. nixCraft 🐧 (@nixCraft@mastodon.social)
  
  from nixCraft 🐧
  
  Attached: 1 image The rsync utility in Linux, *BSD, and Unix-like systems are vulnerable to multiple security issues, including arbitrary code execution, arbitrary file upload, information disclosure, and privilege escalation. Hence, you must patch the system ASAP https://www.cyberciti.biz/linux-news/cve-2024-12084-rsyn-security-urgent-update-needed-on-unix-bsd-systems/ #infosec #security #linux #unix
- † top dog :pedomustdie: likes this.
- gentoobro (gentoobro@shitpost.cloud)'s status on Saturday, 18-Jan-2025 13:34:43 JST gentoobro
  in reply to
  
  CVE's almost never matter. It's always something like "An attacker with root permissions and physical access to the machine might be able to recover your Facebook password in only 12 hours with this new speculative execution attack!."
  
  In conversation about 7 hours ago permalink
  
  † top dog :pedomustdie: likes this.

Public

Conversation

Notices

Feeds