Wanna bet they expose SSH on port 22 to the internet on their “critical” servers? 🤣
Sure, but the author makes it sounds like thats its their standard way of doing things, which is insane.
And if you do have a misconfiguration, the rational thing is to fix that, not dump the entire platform.
If the hypervisor or any of its components are exposed to the Internet
Lemme stop you right there, wtf are you doing exposing that to the internet…
(This is directed at the article writer, not OP)
deleted by creator
Its still pretty common in wedding services to announce the couple as “Mr and Mrs [Man Name]”. Even seen it when the bride isnt taking the husbands surname.
My partner and I hate it as well.
If your goal is to interrupt her usage to avoid excessive usage, would a pomodoro timer help?
I dunno if that can be setup to force lock the screen or something, but maybe its helpful? Depends if its easy to override?
Brb, gonna paint a kangaroo
The claims are well into the “I found a unicorn” territory, I’m tipping its either “If you misconfigure this, its unsafe”, or its a real vuln, and its significantly harder to exploit that they are claiming.
Not all Linux’s have SSH enabled, especially out of the box.
They have some other posts about IPv6 parsing (also not universal), but that doesnt sound like an “easy” RCE.
Doesn’t even startup on my box, but doesn’t crash the kernel or system either, just regular application crash
There really is 2 NSA’s, with conflicting goals. Keep Americans secure, and collect everyone elses data. Its a difficult line to walk. The first half does produce really good advice and tools, but is undermined by the second halfs image.
I fortunately never learnt Ida due to cost, so I have no idea what is missing, but ghidra was a godsend for CTFs. Suddenly reversing challenges were accessible and easy.
https://code.nsa.gov/# - Lots of useful stuff here.
Kernel shouldn’t crash, and anything running in memory will be okayish, but it definitely will get less and less stable. It won’t be possible to start new processes.
I have a Linux install on a USB SSD with a flakey connection, if I bumped the cord the root would unmount. It was fairly resilient, but graphics would slowly start disappearing. I’m fairly sure I could cleanly reboot as long as I had a terminal open, but its been a while, so maybe I’m misremembering.
Still, the overall system becomes pretty useless, so i guess its fair to call it a crash
touch
😏
There are rust libraries to send signals, might be better to use those rather than calling bash. eg. https://docs.rs/nix/latest/nix/sys/signal/index.html
I’m guessing if input was “”, then it would sigkill all processes? Less confident, but some functions behave slightly differently in an interactive console vs a non interactive, maybe ps
has a different format when used non interactively?
Aside, you want three backticks and a newline to get code formatting :)
Ah, that definitely would feel like a crash. Sent kill signal to cgroup accidentally? Or just iterate over all processes and signal them all?
OPs example was task management, which doesn’t require kernel modules.
Doesn’t explain OPs task management example. And won’t crash the kernel, just make things unresponsive
You’ll definitely get lots of login attempts. I used to have a port 22 ssh, hundreds of attempts per day.
Would be interesting to see what post login behavior was.