Collaborate Disseminate
I started reading on apt and the security changes to always use GPG signing keys,
but further saw that it by default uses all configured GPG signing keys,
this seems like a small but unecessary loophole.
It looks to be standard for custom … Continue reading Restricting ubuntu signing keys?
The Chrome zero-day exploited in the wild and patched by Google a few weeks ago has a new ID (CVE-2023-5129) and a description that tells the whole story: the vulnerability is not in Chrome, but the libwebp library, which is used by many popular applic… Continue reading Google “confirms” that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129)
Firstly, I am being targeted by a skilled hacker.
I’m on an Ubuntu 22.04 machine.
UFW rules are turned on to:
Deny all incoming
Deny all outgoing except:
8.8.8.8 port 53
8.8.4.4 port 53
1.1.1.1 port 53
any port 80
any por… Continue reading Malicious software connecting to localhost port 4789 (VXLAN) [closed]
I have developed a web service for customer. The web service is written in Python and running in Docker containers. It is managed by docker compose.
The customer wants my web service to run on their own Ubuntu servers, but I have control o… Continue reading Is deploying a web application to a customer’s encrypted drive a secure solution against code theft?
I have a ubuntu router set up that is leasing addresses on the LAN ETHO side from my WAN WLAN0 connection through iptables routing. I tested my device and my ETH0 network is able to ssh and ping the devices on the WAN WLAN0 connections. Wh… Continue reading Iptables Command [migrated]
I’m trying to update the Ubuntu OpenSSH version to 9.3p2, because of the CVE-2023-38408 vulnerability, but I can’t.
The recomendation is update to last version: https://ubuntu.com/security/CVE-2023-38408
I am running the following command:… Continue reading How to update Ubuntu SSH version to latest version [closed]
Up first is Zenbleed, a particularly worrying speculative execution bug, that unfortunately happens to be really simple to exploit. It leaks data from function like strlen, memcpy, and strcmp. It’s …read more Continue reading This Week in Security: Zenbleed, Web Integrity, and More!
Researchers discovered two vulnerabilities in the Ubuntu OverlayFS module: CVE-2023-2640 and CVE-2023-32629 (together dubbed ‘GameOver(lay)’).
The post Two New Vulnerabilities Could affect 40% of Ubuntu Cloud Workloads appeared first on SecurityWeek.
Continue reading Two New Vulnerabilities Could affect 40% of Ubuntu Cloud Workloads
Linux magazine reports that “Former Snap co-developer Alan Pope, who left Canonical in 2021 after 10 years with the company, has developed unsnap, a script that replaces snaps with Flatpaks where available. The script, hosted on GitHub, has been tested… Continue reading Former Canonical Developer is Working on a Script that Replaces Snaps with Flatpaks
I have a ubuntu server (Ubuntu 22.10 x64) on Digital Ocean. And I am using fastapi, uvicorn, gunicorn and nginx as I used it for my backend api calls from my frontend and my frontend IP is dynamic.
Recently, I have been getting unknown rem… Continue reading Getting a couple of remote login and calls into Ubuntu server?