Security News

Looking for a way to gain a bit more security and privacy for your SSH connections? Jack Wallen shows you how with the help of Tor.

Looking for a way to gain a bit more security and privacy for your SSH connections? Jack Wallen shows you how with the help of Tor. I'm going to walk you through the process of making SSH connections over Tor.

One of Britain's most powerful academic supercomputers has fallen victim to a "Security exploitation" of its login nodes, forcing the rewriting of all user passwords and SSH keys. Sysadmins warned ARCHER users that their SSH keys may have been compromised as a result of the apparent attack, advising them to "Change passwords and SSH keys on any other systems which you share your ARCHER credentials with".

One of Britain's most powerful academic supercomputers has fallen victim to a "Security exploitation" of its login nodes, forcing the rewriting of all user passwords and SSH keys. Sysadmins warned ARCHER users that their SSH keys may have been compromised as a result of the apparent attack, advising them to "Change passwords and SSH keys on any other systems which you share your ARCHER credentials with".

Preventing idle SSH sessions from remaining connected is an easy way to add a bit more security to secure shell. Find out how.

A recently identified botnet built using the Golang programming language is targeting Linux systems, including Internet of Things devices, using a custom implant, Intezer reports. The botnet, which security researcher MalwareMustDie named Kaiji, is of Chinese origin and spreads exclusively via SSH brute force attacks, targeting the root user only.

Hosting biz GoDaddy has admitted a hacker tampered with an SSH file on its servers, leading to the theft of 28,000 users' SSH credentials. The intrusion, which took place last month, involved one or more malicious persons "Alter" an SSH file on GoDaddy's infrastructure, the US giant told The Register.

Preventing idle SSH sessions from remaining connected is an easy way to add a bit more security to secure shell. Secure Shell includes a timeout feature that allows you to configure the SSH server such that it will disconnect a user, after a set period of inactivity.

Apple's latest update to macOS Catalina appears to have broken SSH for some users. The issue is that under Apple's macOS 10.15.4 update, released on March 24, trying to open a SSH connection to a port greater than 8192 using a server name, rather than an IP address, no longer works - for some users at least.

An eavesdropper doesn't have to be logged into the target device's wireless network to exploit KrØØk. If successful, the miscreant can take repeated snapshots of the device's wireless traffic as if it were on an open and insecure Wi-Fi. These snapshots may contain things like URLs of requested websites, personal information in transit, and so on. When these disassociation packets are received, vulnerable Wi-Fi controllers - made by Broadcom and Cypress, and used in countless computers and gadgets - will overwrite the shared encryption key with the value zero.