Login

Recent searches

No recent searches

Search options

Only available when logged in.
icosahedron.website is one of the many independent Mastodon servers you can use to participate in the fediverse.
Icosahedron.website is a mastodon instance and part of the ActivityPub network / the Fediverse.

Administered by:

Server stats:

136
active users

icosahedron.website: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.4

Public
Aral Balkan

Linux folks – remember to update your systems (elementary OS: run Operating System Updates from AppCenter or sudo apt update from Terminal) to fix Polkit vulnerability.

Screenshot of elementary OS AppCenter showing the Polkit updates and other Operating System Updates.
#linux#security#polkit
Public
Jons Mostovojs

@aral it's not a remote code execution though, right? Good reminder anyway, I'll go do that.

Public
Sir Garbagetruck

@jonn @aral Read thru the (rather easily read) exploit explanation, and you'll see why it doesn't really matter if it's _immediately_ remotely accessable.

It's just straight up simple.

Public
Jons Mostovojs

@Truck @aral I mean, it's a privelege escalation exploit, right? If you have an attacker in the system a lot of things will go wrong with or without it. But yeah, patching stuff like this is very important!

Sir Garbagetruck

@jonn @aral Yes. And I wasn't saying you weren't going to - just that this sort of talk can cause some people who don't fully understand risk management with servers online to say "oh, I'll wait, it's not big enough." It's like sleeping... you CAN avoid it. You just will be far easier to exploit if you don't.

And I've read from a few people "well it's not that big" and I'm sorry, aren't you running Wordpress, buddy? Gosh I have NO idea how anyone could POSSIBLY exploit anything via Wordpress plugins at all that NEVER happens. Etc (:

When I read an exploit and it just smells of "braindead simple" I know someone out there is gonna expiriment, and that's gonna roll into something else, and...

No, this isn't log4j level. This is _standard, everyday_ level. Not "people don't want to run their own servers" crap, but "maintenance of everything is a good discipline."

Jan 27, 2022, 12:01 PM·Public·brutaldon
0boosts·0favorites
Search
About