It could install software that transmits the data some time else. Basically something virus would do. The code can be hidden somewhere or loaded from somewhere with simple code.
Those are basic tactics used for years by malware. If just simply monitoring would be enough to protect against malware then we would have way less problems.
You should never run untrusted code or code by untrusted ppl.
You are not running the software cause you do not trust the ppl running it? So you do host the software anyway? Just because it is OS and just because you can run it on your own hardware does not mean you can blindly trust it.
The installer has included a root certificate before that gets installed without asking. Also there are some code blobs in the code iirc.
Also how they handled the initial wayland “support”.
It is relatively easy to smuggle in backdoors if you are the maintainer of the code and afaik there was not even an independent audit.
Saying it is fine just because of it being OS is really naive.
You have clearly not understood what it does. It basically acts as a basic WAF by blocking the access to various paths that are required by the default sharing feature but not by this “proxy”.
I mean you have the current image cached on the local server when you use it.
1 GB of RAM for every TB of storage is recommended but you can do with way less for ZFS.
What do you mean with encryption? Does it need to be transport encrypted, end to end encrypted or is encryption at rest (when the server is offline) good enough?
Open standards are the first step of a functional transition to an open government. From there Open Source Software can compete against commercial software, once the ppl see that the FOSS offers the same features then the proprietary paid software they can easily switch to it. With open standards they only need to train the users, no data to migrate etc.
Focus instead on enforcing standards’ compliance so i can open a
.docxwith any program and be usable anywhere.
That’s an impossible task. Not even Microsoft manages that. Do not want to count how often i used libreOffice to repair or convert an older MSOffice file so it can be opend with modern Versions of MSOffice.
Once there was a 500MB Excel Sheet with lime 500-1000 used Cells, opened and saved it to.a xlsx file using libreOffice and reduced it to a few MB while still being fully functional.
Yes i do i and you do you. But advertising those things as security measures while not adding any real security is just snake oil and can result in neglecting real security measures.
As i said, the whole internet can be port scanned within seconds, so your services will be discovered, what is the risk you assume to have when your IP address is known and the fact that you host a service with it? The service has the same vulnerabilities if it is hosted via cloudflare tunnels or directly via port forwarding on the router. So you assume that your router is not secure? Then unplug it, cause it is already connected to the router.
Geoblocking is useless for any threat actor. You can get access to VPN services or a VPS for very very very little money.
You want your backup functional even if the system is compromised so yes another system is required for that, or through it to the cloud. Important that you do not allow deleting or editing of the backup even if the credentials used for backing up are compromised. Basically an append only storage.
Most Cloud Storage like S3 Amazon (or most other S3 compatible providers like backblaze) offer such a setting.
I doubt that this is the case, whether it is encrypted or not. The complexity and risks involved with decrypting it on the fly is really unrealistic and unheard of by me (have not heard of everything but still)
Also the ransomware would also need to differentiate between the user and the backup program. When you do differentiated backups(like restic) with some monitoring you also would notice the huge size of the new data that gets pushed to your repo.
Edit: The important thing about your backup is, to protect it against overwrites and deletes and have different admin credentials that are not managed by the AD or ldap of the server that gets backed up.
During that time, your data is encrypted but you don’t know because when you open a file, your computer decrypts it and shows you what you expect to see.
First time i hear of that. You sure? Would be really risky since you basically need to hijack the complete Filesystem communication to do that. Also for that to work you would need the private and public key of the encryption on the system on run time. Really risky and unlikely that this is the case imho.
Would it be not much easier (and more portable) if you create a Linux VM in for example VirtualBox? From there you could just follow any Linux guide.
The cheap models can not be flashed with openwrt since they use some proprietary drivers or something.
The complete Opal series is not supporte iirc.
You should have read the post more carefully. The CVE affects every OS. Just the first shown example is Windows only.
Also, the relevant commits are outlined in the first paragraph. This article is not for the stupid user it’s a technical analysis on a few ways to exploit it and for those cases the commits are more relevant than the version. Also saying which versions are affected is not that easy, commits can be backported into an older version by for example the packager.
This is not really correct. Those companies take complete control of the secret keys. And no, it is not the same effect when you use tailscale compared to wireguard cause of various reasons. CGNAT, no port forwarding, funnels etc.
Netmaker, Tailscale or Zerotier
No way in hell i am giving a company complete remote access to my servers and clients.
I am talking about it in general. If you trust it or not depends on you. I am just saying that the argument that it is OS or that you can host the server yourself does not automatically mean that it is safe. That applies to any software.