
Comment This is public (Score 1) 153

https://www.evilsocket.net/202...

The issue(s)
- Does NOT affect all GNU/Linux systems.
- Is not CVSS 9.9. I put it at a 6.3

It also requires:
1) The victim system has no active firewall to block incoming connections.
2) A user on the victim system must print something to a printer that mysteriously appears on the system that has never been there before.

If these two things happen, then command execution can happen as the "lp" user.

Comment Oh, please. (Score 5, Interesting) 153

The thread that the title comes from is from a Twitter user that later stated about the issue: "And YES: I LOVE hyping the sh1t out of this stuff because apparently sensationalism is the only language that forces these people to fix."

As such, every single thing about the topic should be taken with a grain of salt. Starting with systems affected (it's not all GNU/Linux) and also CVSS score (I score it as a 6.3 instead of 9.9). Use your imagination to decide how much of what was posted is based on fact as opposed to fantasy.

For starters, only systems without an enabled firewall are exploitable. (Note: Ubuntu doesn't enable a firewall by default for reasons I cannot fathom).
Secondly, the attack requires the victim to take a specific implausible action for the attack to work.

There's really nothing to see here. Spending your time thinking about any other vulnerability or attack vector would be a much better use of your time.

Comment Re:if you really must do it... (Score 1) 144

"Every distribution in existence" is an obvious exaggeration.

For example, the current Ubuntu (24.04) and Debian (12.6.0) ISOs use a UEFI boot image that indicates that it's vulnerable (shim,2), and therefore will fail to boot with SecureBoot enabled when this SBAT is installed.
Similarly, an installed (and fully updated) Ubuntu 22.04 instance also provides a UEFI boot image that indicates that it's vulnerable (shim,3), and therefore is unbootable with SecureBoot with the recent SBAT update.

Yes, it's unfortunate that Microsoft has pushed out an update that affects non-Windows things. But when the Linux distributions today have failed to properly update things in response to a two-year-old vulnerability, yeah, there will be consequences.

https://infosec.exchange/@wdor...

Comment Re:Vault 7 (Score 2) 82

Except there isn't a DLL hijacking vulnerability at all. The CIA "issue" is that on an already-compromised computer, an administrator-privileged attacker can replace a Notepad++ DLL with one that does something else.

Notepad++ itself cannot do anything to protect itself from being hijacked in such a way.

Comment This is idiotic. (Score 1, Insightful) 82

From the Notepad++ page (and even the Slashdot summary): "Note that once users' PCs are compromised, the hackers can do anything on the PCs."

Repeat after me: If my computer is compromised, there's nothing that any individual app on the system can do to protect itself from being hijacked.

There's nothing to see here.

Comment What are you getting? Support. (Score 2) 183

What am I getting for 3x the price?

You are getting a phone that won't be immediately abandoned, like most other Android phones. You are paying for the support contract.

What does one get out of a support contract? Security updates. Sure, you can save money on a cheaper phone. Just make sure that you factor in the cost of a potential device compromise due to lacking security updates.

Comment Re:That's not what I'm seeing here, image posted (Score 1) 38

I am viewing that setting through the process you described. It's well-known that Uber pushed out the change to remove the "while using" option at the beginning of December. https://www.eff.org/deeplinks/...

I'd say that you should consider yourself lucky to be the outlier. How you got there, I have no idea...

Comment Re:Anyone have any more info? (Score 1) 147

It's remotely exploitable with no user interaction if the web admin stuff is exposed to the internet. If the remote web admin is not enabled, then it's exploitable as the result of a user on the network viewing a malicious or compromised website.

Changing the IP address or subnet of your router will only stop the laziest/most inept of attackers.
