Hacker News: rbastic2's comments

Abstract:

"Protecting your SSH port is a critical part of any good Linux security policy. While the list of things to do is well documented across the internet, I wanted to give an alternative to the standard SSH protections. Why not only expose the SSH port via a Wireguard Tunnel? The steps are fairly straightforward, especially if you've set up a Wireguard server before. However, there are one or two unforeseen pitfalls which could trip up even more experienced users."


Twitter engineer posts screenshot of his WhatsApp microphone usage. The finger-pointing begins as neither Google nor Facebook want to claim ownership of the problem. Surprise.


Very impressive malware attributed to the FSB. Detected in 50+ countries. Windows/Linux/Mac attack surface area with protocol masquerading, implemented as a p2p stack-based network architecture (with p2p relay node support), i.e. any payload/activity can go over tcp, udp, ssh, http, https, etc., and can be relayed through nodes.

The PDF goes into quite some technical detail and it seems to be an impressive feat. It includes some potential remediations. No known rootkit detectors seem to be available at this time.


Unfortunately, I am suspicious based on some recent circumstances that this bug is being exploited in the wild.

If you do run Windows, be sure to check that your TPM/SecureBoot devices are enabled, and that Core Isolation/Code Integrity (for example, Hypervisor Enforced Code Integrity) is enabled if possible. Unfortunately, this setting can sometimes cause driver incompatibilities, and enabling it via the registry manually may be experimental/crash-prone.

https://learn.microsoft.com/en-us/windows/security/threat-pr...

Network-based IDS helps a lot in this area, something like pfSense with pfBlockerNG + Suricata. Unfortunately, there is also malware that can masquerade protocol/etc: https://www.cisa.gov/news-events/cybersecurity-advisories/aa...
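An added way to check the settings this comment recommends (TPM, Secure Boot, VBS and HVCI) on the local machine, written as a PowerShell snippet that is not part of the original comment; it assumes an elevated PowerShell session on Windows 10/11, since Get-Tpm and Confirm-SecureBootUEFI need administrator rights.

```powershell
# Added example: report the protections the comment recommends on the local
# Windows machine. Run from an elevated PowerShell session.
function Get-CoreProtectionStatus {
    $result = [ordered]@{}

    # TPM: present and initialised (Get-Tpm comes from the TrustedPlatformModule module).
    try {
        $tpm = Get-Tpm
        $result.TpmPresent = $tpm.TpmPresent
        $result.TpmReady   = $tpm.TpmReady
    } catch {
        $result.TpmPresent = $false
        $result.TpmReady   = $false
    }

    # Secure Boot: Confirm-SecureBootUEFI throws on legacy-BIOS machines, which
    # also means Secure Boot is not in effect there.
    try { $result.SecureBoot = Confirm-SecureBootUEFI } catch { $result.SecureBoot = $false }

    # VBS / HVCI: Win32_DeviceGuard reports what is actually running.
    # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running.
    # SecurityServicesRunning contains 1 for Credential Guard and 2 for HVCI.
    $dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard
    $result.VbsRunning  = ($dg.VirtualizationBasedSecurityStatus -eq 2)
    $result.HvciRunning = ($dg.SecurityServicesRunning -contains 2)

    # The registry switch the comment warns about. "Configured" is not "running",
    # so compare this with HvciRunning instead of trusting it on its own.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'
    $enabled = (Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue).Enabled
    $result.HvciConfiguredInRegistry = ($enabled -eq 1)

    [pscustomobject]$result
}

$status = Get-CoreProtectionStatus
$status | Format-List

# Anything other than $true in the runtime checks is worth a look.
$missing = $status.PSObject.Properties |
    Where-Object { $_.Name -ne 'HvciConfiguredInRegistry' -and $_.Value -ne $true }
if ($missing) { Write-Warning ('Not enabled: ' + ($missing.Name -join ', ')) }
```

If HvciConfiguredInRegistry is true but HvciRunning is false, the registry switch was set but the hypervisor did not start the service, which is the mismatch the comment's driver-compatibility caveat refers to.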


I think people are overly quick to dismiss the effectiveness of IDS. Yes, rules often match symptoms/exploit instances rather than actual vulnerability semantics (though this has improved). But like a bike lock, even imperfect IDS gives you protection against opportunistic attacks that are pervasive for any system connected to the Internet.

The fact that IDS can respond without needing to validate a new software release means it can also very often outpace remediation through software updates.


Van Dobben near Rembrandtplein. "Kaascroquetten broodje met mayo" (cheese croquette on bread with mayonnaise) was my go-to when I lived there some years back. Good enough to order two. Very filling and tasty.

