Saturday, June 29, 2024

Re: Offline syspatch

On Sat, Jun 29, 2024 at 01:42:15PM +0200, Anders Andersson wrote:
> > Any suggestions to mitigate the zero-click exploit with fileless malware attacks? Please advise. In the firewall rules, one of the main purposes of block all rule is to make the attacker completely blind of the system being implemented, however, updating online completely defies the purpose of block all, because it helps a corrupted adversary monitoring the transmission figure out the server/site connecting to, in our case bsd, therefore, revealing the platform being implemented and launching an attack targeted to that specific platform.
>
> While the process of doing an offline sysupgrade is an interesting
> question as-is, I'm curious: what exactly do you mean by "exploits"
> here, and which patch do you think would solve the problem?
>
> I don't see anything serious that would be relevant to a headless
> server, and if you're claiming that an attacker can exploit your
> OpenBSD 7.5 server by doing some MITM on the wire then I think the
> developers would be very interested in hearing about the details!

I also don't fully understand what the OP means. However the lead of this
discussion I'd like to be part of, out of personal interest. It may be
foolish to put 100% reliance on signify considering the looming threat of
Quantum Computers being able to apply Shor's algorithm at some point in time.

Does anyone here have leads as to how much time we have before this as Rodney
Grimes in his book he authored with the title "cryptography apocalypse". I
have this book still, I'm moving to .ca very soonish (3 weeks?), so that's
when I won't have it anymore. Judging by whether I get a job in the Ottawa
area before my travel money runs out, I'm destined to dissolve my apartment
in .de in October. All this aside, just letting this wonderful community
know what I'm doing and where I'm going. Some MIC circles may have interests
in hijacking Open Source outlets, and things may get difficult fast.

I'm interested in any plans, discussions worth contributing to, and insights
in this threat on Open Source and particularly the free and open world
approach and philosophy. Count me in to take note of everyone's viewpoint
even if I don't re-contribute to this thread.

Best Regards,
-pjp

--
** all info about me: lynx https://callpeter.tel, dig loc delphinusdns.org **
PS: my phone is down for the moment until I remember the AVM router password.
