ssh with an easy to guess root password?
It probably has a large database of exploits it can use. The article claims 20k, but this seems too high for me.
Yes, but they replace common tools like top or lsof with manipulated versions. This might at least trick less experienced sysadmins.
Edit: Some found out about the vulnerability by resource alerts. Probably very easy in a virtualized environment. The malware can’t fool the hypervisor ;)
I agree, but I understood this question in the context of a homelab.
And for me, a homelab is not the right place for a public website, for the reasons I mentioned.
No, with these reasons:
I have a VPS for these tasks, and I host a few sites for friends and family.
I got it a few times over the last years, once on the steam deck.
Just one open source example … freeradius has an option to log passwords:
    log {
        destination = files
        auth = no
        auth_badpass = no
        auth_goodpass = no
    }
Or another example: The apache web server has a module that dumps all POST data, with passwords, in plain text:
mod_dumpio allows for the logging of all input received by Apache and/or all output sent by Apache to be logged (dumped) to the error.log file. The data logging is done right after SSL decoding (for input) and right before SSL encoding (for output). As can be expected, this can produce extreme volumes of data, and should only be used when debugging problems.
I don’t agree that this is “absolutely malice”, it could also be stupidity and forgetfulness.
This is not about Facebook not hashing credentials, it is that they appeared in internal logs.
Facebook is probing a series of security failures in which employees built applications that logged unencrypted password data for Facebook users and stored it in plain text on internal company servers.
Source: Krebs on Security
All models are equipped with 16GB of RAM, and two additional storage variants are available that cost 21,999 yuan (about $3,089) for 512GB and 23,999 yuan (about $3,370) for 1TB.
They are learning from Apple about the memory price. $300 for 512 GB additional memory storage is insane.
By supporting work on a freelance basis
This sounds like Valve is paying devs to work full time on Arch, and thus managing to achieve more than volunteers could.
A little low specs for a tablet with “pro” in its name, but at only €400 they needed to save money somewhere
You’re right, my comment was oversimplified.
Because both ways are used. Microsoft relies on file names, Linux on the first bytes of the file.
I don’t think “most” applies here. Text-based files, pdf, media files and most executable files are not .zip.
I think it makes sense from a programming view. When you have a document, you can add all the media files and pack them together as one archive. Then the program sets the filename to .docx so everyone knows that they need an office program to open that file.
For the users, all you need to know is what program can open which files. If every document would be named .zip, you would have no idea if it was a spreadsheet or slides for your presentation.
OP refers to the fact that you can rename some filetypes to .zip and unpack them.
Notable examples are Microsoft Office files (.docx) or Android apps (.apk).
Counterexamples are media files (mp3, mp4, jpg).
It’s quite obvious from the context
They should have split it so both of them can enjoy at least 50% of it.