Items tagged with: sysops
NOTE: LibreBoot (status of 2018) can NOT boot Windows X-D (who cares). So I guess you want to use LibreBoot with Linux and Linux only. Even when CoreBoot is a 10 year old project... replacing your BIOS with LINUX can be a[...]
#linux #gnu #gnulinux #opensource #administration #sysops #free #fsf #libreboot #coreboot #thinkpad #freehardware #hardware #bios #computrace #surveillance
Inside the Dragon X space capsule after docking: the zero-G puppet starts floating around, indicating that gravity has left the building.
For the first time, a SpaceX Dragon spacecraft (probably replacing the Soyuz capsule, first flight 1966) is docking with the International Space Station (ISS) Harmony module (Node 2).
Video: https://dwaves.org/wp-content/uploads/2019/03/SpaceShip_Dragon_SpaceX_SpinRotation_View.mp4
Ripley got company.
Dragon made it back to Earth, as toast:
How to NOT land a booster:
#linux #gnu #gnulinux #opensource #administration #sysops #spacex #dragon #iss #startrek #mars #space
Check Point Security found security problems in open source and closed source RDP clients/servers. The product vendors, including MS, have been informed, and everybody except MS will update their products. X-D
A hacked RDP server can "attack" the client: at the moment the client pastes content from the server (files or other stuff), a malicious/compromised server running outside of the corporate LAN could place a file at any path on the client (autostart folder) and have it run the next time the system boots. Not cool.
Proposed solution: disable clipboard sharing.
… Obviously, sharing other resources with the server is then also unsafe: folders of course, but maybe even printers?
More research would have to be conducted in this field.
My proposed solution: internet access from within the corporate LAN can not be done anymore.
Set your router/firewall to only accept connections from certain IPs, or even better: pull the plug.
All internet access needs to be done from computers that are NOT connected to the corporate LAN, e.g. via demilitarized WIFI only.
During the responsible disclosure process, we sent the details of the path traversal in mstsc.exe to Microsoft.
This is Microsoft’s official response:
“Thank you for your submission. We determined your finding is valid but does not meet our bar for servicing. For more information, please see the Microsoft Security Servicing Criteria for Windows (https://aka.ms/windowscriteria).”
As a result, this path traversal has no CVE-ID, and there is no patch to address it.
#linux #gnu #gnulinux #opensource #administration #sysops #rdp #remotedesktop #server #client #clipboard #security #itsec #cybersec