this post was submitted on 19 May 2026
192 points (96.2% liked)

Technology

84834 readers
4490 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
192
The 4th Linux kernel flaw this month can lead to stolen SSH host keys (www.zdnet.com)
submitted 3 days ago by sveltecider@lemmy.ca to c/technology@lemmy.world
54 comments fedilink hide all child comments
top 50 comments
sorted by: hot top controversial new old
[–] Pika@sh.itjust.works 109 points 3 days ago

I think that the OP(the article author) is not looking at this the right way. Like yea it sucks another exploit is found, but it's not like if it wasn't found it doesn't exist.

I think its much better to have them published and fixed then to live in blissful ignorance when someone could be exploiting it in the wild.

[–] kescusay@lemmy.world 114 points 3 days ago

It's listed as medium severity and appears to require the hacker to already have terminal access to the system. It's also already patched and there's a quick and easy workaround if your distro doesn't have the fix yet.

[–] 9point6@lemmy.world 61 points 3 days ago (4 children)

Oh FFS, the rest of my life is doomed to be spent updating software

[–] NGC2346@sh.itjust.works 10 points 2 days ago (1 children)

It is more important than ever to introduce geo-ip conditional access on your network(s). That way you limit your attack surface by a significant margin.

[–] 9point6@lemmy.world 4 points 2 days ago* (last edited 2 days ago) (1 children)

My personal stuff 100%

For work? No such choice (apart from the obvious ones)

[–] NGC2346@sh.itjust.works 1 points 2 days ago (1 children)

Your work most likely already has conditional access through MS Entra

[–] 9point6@lemmy.world 1 points 2 days ago* (last edited 2 days ago)

Not a Microsoft shop, but yes they have a pretty extensive IDS for anything public facing, another company to handle internal Auth

[–] db2@lemmy.world 74 points 3 days ago (1 children)

🌏🧑‍🚀🔫🧑‍🚀

[–] wltr@discuss.tchncs.de 17 points 3 days ago

Always has been!

[–] LeapSecond@lemmy.zip 51 points 3 days ago (2 children)

But careful not to update too fast and fall on the supply chain attack of the week.

[–] albbi@piefed.ca 5 points 3 days ago* (last edited 3 days ago)

Pretty sure that was in the bible.

Proverbs 25:16 - If you find honey, eat just enough - too much of it, and you will vomit.

Could update that to be: If you find updates, apply them - too soon though, and you will vomit your credentials.

[–] corsicanguppy@lemmy.ca 1 points 3 days ago

That's difficult. Openssh is coded in C, not js.

[–] MagicShel@lemmy.zip 4 points 3 days ago

That's what we call job security, I suppose.

[–] JaymesRS@piefed.world 11 points 3 days ago

Oh good. Nothing too serious, then.

load more comments
view more: next ›