mastodon.world is one of the many independent Mastodon servers you can use to participate in the fediverse.
Generic Mastodon server for anyone to use.

Server stats:

9.5K
active users

#ssh

23 posts23 participants1 post today

Every decade or so the recommendations on best practices change, so I'm curious on the current best practices around SSH keys stored on a device (eg a laptop).

If we believe that the best practice currently is to have a new private key per client device (ie for each laptop, desktop, or phone) that one connects to a server from, then that opens the question in my mind of what are folks doing for passphrases for these keys.

Obviously the ideal would be very strong, unique passphrases per device, but then if one has 4+ devices, this can get fairly challenging to remember.

Do you use passphrases on per-device keys?
Do you re-use the passphrase across keys?
Do you forgo traditional ssh keys stored on the computer in favor of Yubikeys?
Do you have tools to help you manage which keys are on which hosts so you can retire or revoke them as necessary?

Outlaw cybergang attacking targets worldwide

A recent incident response case in Brazil revealed a Perl-based crypto mining botnet called Outlaw, also known as Dota, targeting Linux environments. The threat actor exploits weak SSH credentials, downloads malicious scripts, and deploys an XMRig miner for Monero cryptocurrency. The botnet includes an IRC-based client that acts as a backdoor, allowing for various malicious activities. Victims have been identified mainly in the United States, with additional targets in Germany, Italy, Thailand, Singapore, Taiwan, Canada, and Brazil. The article provides detailed analysis of the malware's components, persistence mechanisms, and evasion techniques. Recommendations for system administrators include hardening SSH configurations and implementing additional security measures to mitigate the risk of compromise.

Pulse ID: 6810fdeb2114bc18d03810e3
Pulse Link: otx.alienvault.com/pulse/6810f
Pulse Author: AlienVault
Created: 2025-04-29 16:27:23

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue Open Threat ExchangeLevelBlue - Open Threat ExchangeLearn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

CI/CD для чайников — разберитесь, и начните автоматизировать рутину в разработке. Часть 3. Его величество, деплой

Пишу про полезные материалы про IT, и собираю свой ламповый нетворкинг тут - t.me/+434aQiGpZtAyNTU6 . Присоединяйтесь! Оглавление.

habr.com/ru/articles/904898/

TelegramMindGroup Education
#gitlabci#runner#cd