Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://friedcheese.us/objects/734b5da5-cba8-44cb-8a0b-b7e1ef86203a">feld (feld@friedcheese.us)'s status on Thursday, 16-Jan-2025 03:20:48 JST</a><a href="https://friedcheese.us/users/feld" title="feld@friedcheese.us"><img src="https://gnusocial.jp/avatar/274913-48-20241012191855.webp" width="48" height="48" alt="feld" style="position: absolute; left: 0; top: 0;">feld</a></section><article>everyone is overreacting to CVEs like usual<br><br>if you're doing rsync over SSH, they'd have to have compromised the server key to not trigger the fingerprint/impersonation warning<br><br>If the server is compromised by an attacker, you have much larger problems.<br><br>Secure both ends. Use a secure network transport that can't be MITM'd. These problems don't matter then.<br><br>RT: <a href="https://mastodon.social/users/nixCraft/statuses/113833699519818054">https://mastodon.social/users/nixCraft/statuses/113833699519818054</a></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4380647#notice-8567611">In conversation</a><time datetime="2025-01-16T03:20:48+09:00" title="Thursday, 16-Jan-2025 03:20:48 JST">about 4 months ago</time> <span>from <span><a href="https://friedcheese.us/objects/734b5da5-cba8-44cb-8a0b-b7e1ef86203a" rel="external" title="Sent from friedcheese.us via ActivityPub">friedcheese.us</a></span></span><a href="https://friedcheese.us/objects/734b5da5-cba8-44cb-8a0b-b7e1ef86203a">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: files.mastodon.social</div><h5><a href="https://mastodon.social/@nixCraft/113833699519818054">nixCraft 🐧 (@nixCraft@mastodon.social)</a></h5><div> from <span>nixCraft 🐧</span></div></header><div>Attached: 1 imageThe rsync utility in Linux, *BSD, and Unix-like systems are vulnerable to multiple security issues, including arbitrary code execution, arbitrary file upload, information disclosure, and privilege escalation. Hence, you must patch the system ASAP https://www.cyberciti.biz/linux-news/cve-2024-12084-rsyn-security-urgent-update-needed-on-unix-bsd-systems/  #infosec #security #linux #unix</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
feld (feld@friedcheese.us)'s status on Thursday, 16-Jan-2025 03:20:48 JST feld
everyone is overreacting to CVEs like usual

if you're doing rsync over SSH, they'd have to have compromised the server key to not trigger the fingerprint/impersonation warning

If the server is compromised by an attacker, you have much larger problems.

Secure both ends. Use a secure network transport that can't be MITM'd. These problems don't matter then.

RT: https://mastodon.social/users/nixCraft/statuses/113833699519818054
In conversationabout 4 months ago from friedcheese.uspermalink
Attachments
1. Domain not in remote thumbnail source whitelist: files.mastodon.social
  nixCraft 🐧 (@nixCraft@mastodon.social)
  from nixCraft 🐧
  Attached: 1 image The rsync utility in Linux, *BSD, and Unix-like systems are vulnerable to multiple security issues, including arbitrary code execution, arbitrary file upload, information disclosure, and privilege escalation. Hence, you must patch the system ASAP https://www.cyberciti.biz/linux-news/cve-2024-12084-rsyn-security-urgent-update-needed-on-unix-bsd-systems/ #infosec #security #linux #unix

Public

Embed Notice

HTML Code

Corresponding Notice