Collaborate Disseminate
hmac-sha256, hmac-sha256@ssh.com, hmac-sha2-256, hmac-sha2-256-etm@openssh.com, hmac-sha512, hmac-sha512@ssh.com, hmac-sha2-512, hmac-sha2-512-etm@openssh.com
Can someone help in ordering the above ciphers by security level?
The xz backdoor is naturally still the top story of the week. If you need a refresher, see our previous coverage. As expected, some very talented reverse engineers have gone …read more Continue reading This Week in Security: XZ, ATT, and Letters of Marque
For my own (public) servers, is it considered a good idea to only allow ssh connections from VPN connections (OpenVPN, Wireguard or otherwise), to mitigate any possible attacks in the future on ssh?
It seems that ssh is constantly under at… Continue reading Does using a VPN to allow ssh connections provide better security, especially after seeing how CVE-2024-3094 (XZ backdoor) is done?
The cybersecurity world got really lucky last week. An intentionally placed backdoor in XZ Utils, an open-source compression utility, was pretty much accidentally discovered by a Microsoft engineer—weeks before it would have been incorporated into both Debian and Red Hat Linux. From ArsTehnica:
Malicious code added to XZ Utils versions 5.6.0 and 5.6.1 modified the way the software functions. The backdoor manipulated sshd, the executable file used to make remote SSH connections. Anyone in possession of a predetermined encryption key could stash any code of their choice in an SSH login certificate, upload it, and execute it on the backdoored device. No one has actually seen code uploaded, so it’s not known what code the attacker planned to run. In theory, the code could allow for just about anything, including stealing encryption keys or installing malware…
Many threads like this one on reddit are springing up, which is great for spreading awareness of a major CVE. But questionable advice like this occasionally worms its way in:
Check your version with xz -V in the terminal
Now, this obviou… Continue reading Will using the xz binary trigger any call-home mechanism? [closed]
In breaking news that dropped just after our weekly security column went live, a backdoor has been discovered in the xz package, that could potentially compromise SSH logins on Linux …read more Continue reading Security Alert: Potential SSH Backdoor Via Liblzma
ssh-keygen -t ed25519-sk -O resident -C "yubikey-fido1
My understanding is that I should be able to generate openssh keys with fido2 without password and require touch-only. While that opens up a potential attack when both the device… Continue reading ssh-keygen fido2 keys without password
Even though I don’t have SSH or OpenSSH installed on my machine, I noticed that I have the following directory ssh-XXXXXX2ivnoU in the tmp directory. Inside that directory is a file named agent.2640
What could be causing the creation of th… Continue reading MX Linux SSH folder in tmp directory [closed]
Android, the popular mobile phone OS, is essentially just Linux with a nice user interface layer covering it all up. In theory, it should be able to do anything a …read more Continue reading Webserver Runs on Android Phone
A few days ago may server was hacked and crashed via Out of memory.
In the auth.log i discovered my password as username. So my pw was stolen.
I got a lot of successful logins from many ips in my auth.log!
Source of my pw i guess:
I had s… Continue reading Debain 12.4 server hacked via ssh pw login – what was it? [closed]