Saturday, June 29, 2024

Re: Offline syspatch

On Sat, Jun 29, 2024 at 9:30 AM jonathon575 <jonathon575@protonmail.com> wrote:
>
> Greetings,
>
> We are experiencing extensive attacks including zero-click exploits with fileless malware from a corrupted ISP/adversary; therefore, online system updating/upgrading is not possible.
>
> For the current release 7.5, specifically for security patches, if we downloaded the security patches located at any of the mirror links, for example,
>
> https://mirror.hs-esslingen.de/pub/OpenBSD/syspatch/7.5/amd64/
>
> manually verified the signature with signify, then changed the online path under /etc/installurl to point to the USB location that contains the downloaded security patch files, and then executed the command syspatch, usually the security patch files get pulled from the pointed physical location and get updated. However, my question is, would that be sufficient for patching the system, or do we actually have to compile from source and include the security patch files in the compilation process?
>
> We are applying the same process for firmware files, fw_update -p ./firmware_files
>
> Any suggestions to mitigate the zero-click exploit with fileless malware attacks? Please advise. In the firewall rules, one of the main purposes of the block all rule is to make the attacker completely blind to the system being implemented; however, updating online completely defies the purpose of block all, because it helps a corrupted adversary monitoring the transmission figure out the server/site being connected to, in our case BSD, therefore revealing the platform being implemented and launching an attack targeted to that specific platform.

While the process of doing an offline sysupgrade is an interesting
question as-is, I'm curious: what exactly do you mean by "exploits"
here, and which patch do you think would solve the problem?

I don't see anything serious that would be relevant to a headless
server, and if you're claiming that an attacker can exploit your
OpenBSD 7.5 server by doing some MITM on the wire then I think the
developers would be very interested in hearing about the details!
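The step the question rests on, verifying the downloaded patches with signify before anything is installed, is the part worth seeing in full. syspatch fetches SHA256.sig from the mirror's syspatch/7.5/amd64 directory, verifies it against /etc/signify/openbsd-75-syspatch.pub, and only then checks each syspatch75-NNN_name.tgz against the signed checksum list; a staged copy on a USB stick has to pass exactly that check. The following is an added example written for this page, not code from the thread, from syspatch or from signify: it re-implements the check in dependency-free Python (signify's Ed25519, its file format, and the SHA256 list), and builds a constructed stand-in for the mirror directory signed with a throwaway key so it runs offline. The function names and the sample tarball names are mine; on a real box the equivalent is to cd into the staged directory and run signify -C -p /etc/signify/openbsd-75-syspatch.pub -x SHA256.sig.

```python
"""Offline check of a staged OpenBSD syspatch set: verify SHA256.sig with the release's syspatch
signify key, then check every syspatch*.tgz against the signed list. Added example, not syspatch
or signify code; the Ed25519 core is a small pure-Python RFC 8032 reference (slow but exact)."""
import base64, hashlib, os, re

# --- Ed25519 in affine coordinates ---
P = 2**255 - 19
L = 2**252 + 27742317777372353535851937790883648493
D = (-121665 * pow(121666, P - 2, P)) % P
SQRT_M1 = pow(2, (P - 1) // 4, P)

def _recover_x(y, sign):                         # x from -x^2 + y^2 = 1 + d x^2 y^2
    xx = (y * y - 1) * pow(D * y * y + 1, P - 2, P) % P
    x = pow(xx, (P + 3) // 8, P)
    x = x * SQRT_M1 % P if (x * x - xx) % P else x
    if (x * x - xx) % P:
        raise ValueError("point not on curve")
    return (P - x) % P if (x & 1) != sign else x

def _add(p, q):
    (x1, y1), (x2, y2) = p, q
    t = D * x1 * x2 * y1 * y2
    return ((x1 * y2 + x2 * y1) * pow(1 + t, P - 2, P) % P,
            (y1 * y2 + x1 * x2) * pow(1 - t, P - 2, P) % P)

def _mul(p, n):
    q = (0, 1)                                   # neutral element
    while n:
        if n & 1:
            q = _add(q, p)
        p, n = _add(p, p), n >> 1
    return q

BY = 4 * pow(5, P - 2, P) % P
B = (_recover_x(BY, 0), BY)                      # standard base point (even x)

def _enc(p):
    return (p[1] | ((p[0] & 1) << 255)).to_bytes(32, "little")
def _dec(b):
    v = int.from_bytes(b, "little")
    return _recover_x(v & ((1 << 255) - 1), v >> 255), v & ((1 << 255) - 1)
def _secret_scalar(seed):                        # clamped scalar a and the nonce prefix
    h = hashlib.sha512(seed).digest()
    return (int.from_bytes(h[:32], "little") & ((1 << 254) - 8)) | (1 << 254), h[32:]
def ed25519_public_key(seed):
    return _enc(_mul(B, _secret_scalar(seed)[0]))

def ed25519_sign(seed, msg):
    a, prefix = _secret_scalar(seed)
    pk = _enc(_mul(B, a))
    r = int.from_bytes(hashlib.sha512(prefix + msg).digest(), "little") % L
    R = _enc(_mul(B, r))
    k = int.from_bytes(hashlib.sha512(R + pk + msg).digest(), "little") % L
    return R + ((r + k * a) % L).to_bytes(32, "little")

def ed25519_verify(pk, msg, sig):
    s = int.from_bytes(sig[32:], "little")
    if len(pk) != 32 or len(sig) != 64 or s >= L:
        return False                             # malformed, or non-canonical s
    try:
        A, R = _dec(pk), _dec(sig[:32])
    except ValueError:
        return False
    k = int.from_bytes(hashlib.sha512(sig[:32] + pk + msg).digest(), "little") % L
    return _mul(B, s) == _add(R, _mul(A, k))

# --- signify(1) files: "untrusted comment:" line, base64("Ed" + 8-byte keynum + key-or-sig),
#     and for an embedded (-e) signature such as the mirrors' SHA256.sig, the message itself ---
def _signify_blob(text):
    lines = text.split("\n")
    blob = base64.b64decode(lines[1]) if len(lines) > 1 else b""
    if not lines[0].startswith("untrusted comment:") or blob[:2] != b"Ed":
        raise ValueError("not a signify Ed25519 file")
    return blob[2:10], blob[10:], "\n".join(lines[2:])    # keynum, payload, embedded message

def signify_verify_embedded(pubkey_text, sig_text):
    """The embedded message if it verifies under this key (what `signify -Ve` checks); else raises."""
    keynum, pk, _ = _signify_blob(pubkey_text)
    signum, sig, msg = _signify_blob(sig_text)
    if keynum != signum or not ed25519_verify(pk, msg.encode(), sig):
        raise ValueError("signature does not verify under this key")   # e.g. base key, not syspatch
    return msg

SUMLINE = re.compile(r"^SHA256 \((.+)\) = ([0-9a-f]{64})$")
def verify_syspatch_set(pubkey_text, sig_text, files):
    """files maps staged tarball names to bytes; returns the verified names, or raises: one failure
    means nothing in the set may be installed."""
    signed = dict(m.groups() for m in map(SUMLINE.match,
                  signify_verify_embedded(pubkey_text, sig_text).splitlines()) if m)
    for name, data in sorted(files.items()):
        if signed.get(name) != hashlib.sha256(data).hexdigest():
            raise ValueError(f"{name}: not in signed list or checksum mismatch")
    return sorted(files)

def make_sample():
    """Constructed stand-in for the mirror's syspatch/7.5/amd64 files, signed with a throwaway key
    generated here (the real SHA256.sig is signed with OpenBSD's 7.5 syspatch key, not this one)."""
    seed, keynum = os.urandom(32), os.urandom(8)
    files = {n: b"constructed tarball " + n.encode()
             for n in ("syspatch75-001_example.tgz", "syspatch75-002_example.tgz")}
    sums = "".join(f"SHA256 ({n}) = {hashlib.sha256(d).hexdigest()}\n" for n, d in files.items())
    pub = ("untrusted comment: throwaway syspatch key\n"
           + base64.b64encode(b"Ed" + keynum + ed25519_public_key(seed)).decode() + "\n")
    sig = ("untrusted comment: verify with openbsd-75-syspatch.pub\n"
           + base64.b64encode(b"Ed" + keynum + ed25519_sign(seed, sums.encode())).decode() + "\n" + sums)
    return pub, sig, files
```

Two things the code makes concrete that the question glosses over: the signature is checked with the release's syspatch key specifically (a file signed with some other key, or with a different keynum, is rejected before any checksum is looked at), and a single tarball that is not in the signed list or does not match it fails the whole set. The Ed25519 arithmetic is written out only so the example has no dependencies; a tool you rely on should use signify itself or a vetted library.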
