Over at the bad place, @evilsocket has reported an unauthenticated RCE in all GNU/Linux systems.
-
@dangoodin there’s no technical details at all, it’s just people panicking without knowing what they’re panicking about, which InfoSec peeps are very good at and usually ends poorly. There’s nothing actionable.
-
Jan Wildeboer 😷:krulorange: replied to Kevin Beaumont
@GossiTheDog @dangoodin AKA ego-boosting clickbait. In 2 weeks we supposedly will see the meat, as agreed with the security folks at Red Hat, Canonical etc according to the reporter. When they are fine with the disclosure, I feel quite safe.
-
Risotto replied to Jan Wildeboer 😷:krulorange:
@jwildeboer @GossiTheDog @dangoodin
*shakes the magic 8 ball*
"you will have a vulnerability reported 3 weeks ago, disclosed 2 weeks from now, that existed for a year in the wild. do you have logs and do threat hunting?"
*returns the magic CISO prediction ball*
-
LStorgaardNO replied to Jan Wildeboer 😷:krulorange:
@jwildeboer @GossiTheDog @dangoodin yes, but if they start flinching on the disclosure date 1,5 week from now I think we’re allowed a bit of panic.
-
Jan Wildeboer 😷:krulorange: replied to LStorgaardNO
@LStorgaardNO Do you know anything about that being a possibility or are you just happily trying to add fuel to a fire that hasn't even been ignited yet? @GossiTheDog @dangoodin
-
LStorgaardNO replied to Jan Wildeboer 😷:krulorange:
@jwildeboer @GossiTheDog @dangoodin sorry no, just an attempt to add some humour. I completely agree with you.
-
Over on the hell site, @evilsocket now says this vulnerability will be disclosed in about an hour.