1. 12

  2. 3

    I get that they can’t reveal all the details for the exploit but I’m curious about at least which mechanism it uses.

    I run a Synology NAS that’s also Linux based. I’d like to think I have it locked down reasonably well, but maybe I should run Clam AV on the thing anyway.

    1. 3

      I hope it uses system OpenSSL for encrypting files to avoid loading unnecessary dependencies. ;)

      Seriously though, so many people use absurdly weak passwords I wonder why it’s not more common.

      1. 2

        > Intezer determined that the initial attack vector for the campaigns is SSH brute-force attacks

        It’s 2019, are there any remaining reasons why password SSH auth shouldn’t be deprecated/removed from and key-based auth used everywhere by default?

        1. 3

          You generally need (or want) password SSH auth to bootstrap your setup of key-based auth (using ssh-copy-id). But that’s then about it. Maybe ssh should print a warning whenever password auth is used, reminding you to turn it off when you’re done.
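
An added example, not part of any comment in this thread: after keys have been installed with ssh-copy-id, this checks whether an sshd configuration still accepts password logins, which is what an SSH brute-force campaign depends on. The function name, verdict strings and sample config are constructed for illustration; it assumes Include files are not followed, Match blocks are only flagged, and keyboard-interactive counts as a password path (true when it is backed by PAM).

```shell
#!/bin/sh
# Feed sshd_config-style text on stdin, e.g. the output of `sshd -T` run as root.
audit_sshd_password_auth() {
    awk '
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^#/) next          # blank line or comment
        gsub(/[="]/, " ", line)                      # accept Keyword=value and quoted values
        split(line, f, /[ \t]+/)
        key = tolower(f[1]); val = tolower(f[2])     # keywords are case-insensitive
        if (key == "match") { in_match = 1; next }   # everything after is conditional
        # Older configs use the deprecated alias for the same switch.
        if (key == "challengeresponseauthentication") key = "kbdinteractiveauthentication"
        if (key != "passwordauthentication" && key != "kbdinteractiveauthentication") next
        if (in_match) { if (val == "yes") match_yes = 1; next }
        if (!(key in seen)) seen[key] = val          # sshd keeps the first value it reads
    }
    END {
        # Both options default to "yes" when the file never mentions them.
        pw  = ("passwordauthentication" in seen) ? seen["passwordauthentication"] : "yes"
        kbd = ("kbdinteractiveauthentication" in seen) ? seen["kbdinteractiveauthentication"] : "yes"
        if (pw == "yes" || kbd == "yes") print "enabled"
        else if (match_yes)              print "enabled-in-match"
        else                             print "disabled"
    }'
}

# Constructed sample: "PasswordAuthentication no" was appended at the end,
# but an earlier line already said "yes", and the first value wins.
sample_config() {
    cat <<'EOF'
# constructed sshd_config excerpt
PasswordAuthentication yes
PubkeyAuthentication yes
KbdInteractiveAuthentication no
PasswordAuthentication no
EOF
}

sample_config | audit_sshd_password_auth
```

On a live host, `sshd -T | audit_sshd_password_auth` checks the effective global settings rather than a single file.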