this post was submitted on 19 May 2026
196 points (96.7% liked)

Technology

85515 readers
4192 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 3 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
196
The 4th Linux kernel flaw this month can lead to stolen SSH host keys (www.zdnet.com)
submitted 4 weeks ago by sveltecider@lemmy.ca to c/technology@lemmy.world
54 comments fedilink hide all child comments
top 50 comments
sorted by: hot top controversial new old
[–] kescusay@lemmy.world 116 points 4 weeks ago

It's listed as medium severity and appears to require the hacker to already have terminal access to the system. It's also already patched and there's a quick and easy workaround if your distro doesn't have the fix yet.

[–] Pika@sh.itjust.works 110 points 4 weeks ago

I think that the OP(the article author) is not looking at this the right way. Like yea it sucks another exploit is found, but it's not like if it wasn't found it doesn't exist.

I think its much better to have them published and fixed then to live in blissful ignorance when someone could be exploiting it in the wild.

[–] 9point6@lemmy.world 62 points 4 weeks ago (4 children)

Oh FFS, the rest of my life is doomed to be spent updating software

[–] db2@lemmy.world 75 points 4 weeks ago (1 children)

🌏🧑‍🚀🔫🧑‍🚀

[–] wltr@discuss.tchncs.de 17 points 4 weeks ago

Always has been!

[–] LeapSecond@lemmy.zip 51 points 4 weeks ago (2 children)

But careful not to update too fast and fall on the supply chain attack of the week.

[–] albbi@piefed.ca 5 points 4 weeks ago* (last edited 4 weeks ago)

Pretty sure that was in the bible.

Proverbs 25:16 - If you find honey, eat just enough - too much of it, and you will vomit.

Could update that to be: If you find updates, apply them - too soon though, and you will vomit your credentials.

[–] corsicanguppy@lemmy.ca 1 points 4 weeks ago

That's difficult. Openssh is coded in C, not js.

[–] NGC2346@sh.itjust.works 10 points 4 weeks ago (1 children)

It is more important than ever to introduce geo-ip conditional access on your network(s). That way you limit your attack surface by a significant margin.

[–] 9point6@lemmy.world 4 points 4 weeks ago* (last edited 4 weeks ago) (1 children)

My personal stuff 100%

For work? No such choice (apart from the obvious ones)

[–] NGC2346@sh.itjust.works 1 points 4 weeks ago (1 children)

Your work most likely already has conditional access through MS Entra

[–] 9point6@lemmy.world 1 points 4 weeks ago* (last edited 4 weeks ago)

Not a Microsoft shop, but yes they have a pretty extensive IDS for anything public facing, another company to handle internal Auth

[–] MagicShel@lemmy.zip 4 points 4 weeks ago

That's what we call job security, I suppose.

[–] JaymesRS@piefed.world 11 points 4 weeks ago

Oh good. Nothing too serious, then.

load more comments
view more: next ›