this post was submitted on 19 May 2026
183 points (96.4% liked)

Technology

84807 readers
5818 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
183
The 4th Linux kernel flaw this month can lead to stolen SSH host keys (www.zdnet.com)
submitted 1 day ago by sveltecider@lemmy.ca to c/technology@lemmy.world
54 comments fedilink hide all child comments
top 50 comments
sorted by: hot top controversial new old
[–] Pika@sh.itjust.works 99 points 1 day ago

I think that the OP(the article author) is not looking at this the right way. Like yea it sucks another exploit is found, but it's not like if it wasn't found it doesn't exist.

I think its much better to have them published and fixed then to live in blissful ignorance when someone could be exploiting it in the wild.

[–] kescusay@lemmy.world 107 points 1 day ago

It's listed as medium severity and appears to require the hacker to already have terminal access to the system. It's also already patched and there's a quick and easy workaround if your distro doesn't have the fix yet.

[–] 9point6@lemmy.world 55 points 1 day ago (4 children)

Oh FFS, the rest of my life is doomed to be spent updating software

[–] NGC2346@sh.itjust.works 7 points 6 hours ago (1 children)

It is more important than ever to introduce geo-ip conditional access on your network(s). That way you limit your attack surface by a significant margin.

[–] 9point6@lemmy.world 3 points 5 hours ago* (last edited 5 hours ago) (1 children)

My personal stuff 100%

For work? No such choice (apart from the obvious ones)

[–] NGC2346@sh.itjust.works 1 points 4 hours ago (1 children)

Your work most likely already has conditional access through MS Entra

[–] 9point6@lemmy.world 1 points 3 hours ago* (last edited 3 hours ago)

Not a Microsoft shop, but yes they have a pretty extensive IDS for anything public facing, another company to handle internal Auth

[–] db2@lemmy.world 69 points 1 day ago (1 children)

🌏🧑‍🚀🔫🧑‍🚀

[–] wltr@discuss.tchncs.de 15 points 1 day ago

Always has been!

[–] LeapSecond@lemmy.zip 47 points 1 day ago (2 children)

But careful not to update too fast and fall on the supply chain attack of the week.

[–] albbi@piefed.ca 3 points 1 day ago* (last edited 1 day ago)

Pretty sure that was in the bible.

Proverbs 25:16 - If you find honey, eat just enough - too much of it, and you will vomit.

Could update that to be: If you find updates, apply them - too soon though, and you will vomit your credentials.

[–] corsicanguppy@lemmy.ca 1 points 23 hours ago

That's difficult. Openssh is coded in C, not js.

[–] MagicShel@lemmy.zip 4 points 1 day ago

That's what we call job security, I suppose.

[–] JaymesRS@piefed.world 11 points 1 day ago

Oh good. Nothing too serious, then.

load more comments
view more: next ›