Hacker News | catkitcourt's comments

Pulsar


A Linux distribution is free to define its own security policy, which serves as a common understanding between developers and users.

And not all packages require auditing. The primary concern here lies with D-Bus services. Many D-Bus services need to run as root while allowing non-root users to access them. This enables users to perform tasks such as mounting or unmounting block devices without relying on SUID or sudo.

Such services are often referred to as "security boundaries", because they help isolate different privilege levels. Thus, the security of those services is vital, especially in enterprise-oriented distributions.


The package showed a big license agreement and implemented circumvention steps! We're a bit beyond the D-Bus auditing issues.


Nobody is suggesting anyone add a repo. It has already been stated very clearly in the article:

> 5) How to Continue Using Deepin on openSUSE

> Given ..., we don’t recommend to use the Deepin desktop at this time. If you still ... then you can add the Deepin devel project repositories to your system...


Maybe consider avoiding Intel and RST. They are a nightmare out of the factory.


What's the difference from fail2ban? Though I feel neither of those two works now.


Seems similar, except that this is built-in to sshd vs having to install a separate tool. It's also enabled by default here in sshd.


fail2ban works just fine with sshd. I combine this with GeoIP blocking of certain troublesome locations in firewalls. 98% of my scanning / exploiting comes from 11 countries.


fail2ban is great, but only works on the local host.

The post says: "Right now our perimeter firewall is blind to whether a brief SSH connection was successful or not"

(I suspect there's a way to set up centralised logging, with fail2ban looking at those centralised logs and sending updates to a perimeter firewall, but that's not a typical deployment of fail2ban. Or at least it wasn't when I was heavily using it a while back.)


Actually this already is the SOTA of cracking. My honeypot can see several different IPs brute-forcing concurrently, and they seem unrelated. But once you let one of them log in, it quits immediately and all those IPs go quiet after ~15 sec. Then one of those IPs logs in again to deploy a miner.
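One way a defender could look for the pattern described in this comment in sshd auth logs, as an added example that is not part of the original post (the log lines and IPs are constructed, and the 60 s look-back, 15 s stand-down and 3-IP thresholds are assumptions):

```python
import re
from datetime import datetime, timedelta

# Constructed sshd auth-log excerpt (hypothetical IPs from documentation ranges).
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd[911]: Failed password for root from 198.51.100.10 port 40001 ssh2
2024-05-01T10:00:02 sshd[912]: Failed password for root from 203.0.113.7 port 40002 ssh2
2024-05-01T10:00:03 sshd[913]: Failed password for invalid user admin from 192.0.2.33 port 40003 ssh2
2024-05-01T10:00:05 sshd[914]: Failed password for root from 198.51.100.10 port 40004 ssh2
2024-05-01T10:00:06 sshd[915]: Accepted password for root from 203.0.113.7 port 40005 ssh2
2024-05-01T10:00:07 sshd[916]: Failed password for invalid user admin from 192.0.2.33 port 40006 ssh2
2024-05-01T10:00:09 sshd[917]: Failed password for root from 198.51.100.10 port 40007 ssh2
2024-05-01T10:02:00 sshd[918]: Accepted password for root from 192.0.2.33 port 40008 ssh2
"""

LINE_RE = re.compile(
    r"^(\S+) sshd\[\d+\]: (Accepted|Failed) \w+ for (?:invalid user )?(\S+) from (\S+)")

def parse_auth_log(text):
    """Return (timestamp, 'Accepted'|'Failed', user, source_ip) tuples in log order."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return events

def find_coordinated_campaigns(events, window=timedelta(seconds=60),
                               quiet=timedelta(seconds=15), min_ips=3):
    """Flag each successful login that (a) follows failures from >= min_ips distinct
    IPs inside `window`, (b) after which every other IP stops failing within `quiet`,
    and (c) report which of those IPs later return with a successful login."""
    findings = []
    for i, (ts, kind, _user, ip) in enumerate(events):
        if kind != "Accepted":
            continue
        prior = {e[3] for e in events[:i] if e[1] == "Failed" and ts - e[0] <= window}
        if len(prior) < min_ips:
            continue
        peers = prior - {ip}
        after = events[i + 1:]
        # Failures from peers later than `quiet` would mean the cluster did NOT stand down.
        kept_going = any(e[1] == "Failed" and e[3] in peers and e[0] - ts > quiet for e in after)
        returned = {e[3] for e in after if e[1] == "Accepted" and e[3] in prior and e[0] - ts > quiet}
        findings.append({"success_at": ts, "success_ip": ip, "peers": sorted(peers),
                         "peers_went_quiet": not kept_going, "returned_ips": sorted(returned)})
    return findings
```

On the sample the single finding is the 10:00:06 success from 203.0.113.7, with both other IPs standing down and 192.0.2.33 returning later, which is the shape worth alerting on rather than the individual failures.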


Next level: let them log in and forward the ssh connection to the digital equivalent of a room full of mirrors.


Reminds me of using the old MIRROR target in iptables back in the day, before it was removed because it's ridiculous. We used to watch script kiddies trying to brute force their own hosts, but even then we knew it was ripe for abuse.

https://www.linuxtopia.org/Linux_Firewall_iptables/x4448.htm...


Probably for the best, since it sounds like that could be used for DDoS amplification and/or reflection.

For example, if an attacker could spoof traffic to get two different reflectors hall-of-mirror-ing each other, or use a botnet that spoofs traffic to get one collection of dupes to slam a single victim in response, etc.


How would you spoof multiple valid packets in a TCP-based protocol requiring a sequence of interactions when you can't receive any of the ACKs (because they'll be sent to not-your-IP)?


Depending on the protocol you can probably do reflection attacks over tcp with TFO.


It was beautiful to see people nuke themselves in the WinNuke era.


Unless the payment is performed by a foreign entity (which means a US employer is hiring a Chinese hacker), it's not a wise choice to do currency exchange when measuring salary, because it would erase other factors affecting salary, like CPI or housing prices.

Apart from (both visible and invisible) taxes, I expect a senior programmer would earn ~500-700k CNY per year. Game programmers may reach up to 200k. For a team able to perform such an attack, 1M/yr avg. might be reasonable.

But if this is not a state-sponsored attack, I can't find enough interest. And, if this is state-backed... contractors or some dishonest officials would take a huge part, so the real cost might be >2M/yr. Considering you can get nothing during 2 years' lurking, I doubt it's feasible enough.


Interesting product. I'm curious about the output of the example flow (phishing mail scan).


Will post an updated demo with the output and share it here later today! But here is what one response looks like:

"Thank you for your report. The AI labelled this email as malicious. It contained the url https://to58gnrroh2pot.pages.dev/smart89/. The summary: The URLScan report indicates a high likelihood of phishing activity associated with the analyzed URL. The overall score is 100, with identified categories including "phishing" and specific branding as a "tech support scam." The report highlights the presence of malicious intent, with tags such as "phishing" further supporting this classification. The analysis involved IPs from Germany and the Netherlands, associated with the domains "to58gnrroh2pot.pages.dev" and "ipwho.is," and servers named "cloudflare" and "ipwhois." Various URLs, domains, certificates, and hashes were examined during the scan, pointing towards a comprehensive evaluation of the webpage's content and its potential threat level. The verdicts from URLScan and the community reinforce the malicious nature of the webpage, emphasizing the need for caution."


Seems to require that the IO of the debugged device be directly connected to scan registers, like an FPGA.


Only 3 NVMe SSDs and no room for HDDs, so do they have a dedicated storage cluster via iSCSI-like things, or do they not need HDDs?

Also I noticed the SSDs must be changed by opening the top lid. Curious about the anti-intrusion design.

Did they choose this design because they (may?) share a datacenter or even a rack?

