Trojanized versions of PuTTY utility being used to spread backdoor
Researchers from security firm Mandiant said on Thursday that at least one customer it serves had an employee who installed the fake network utility by accident. The incident caused the employer to become infected with a backdoor tracked by researchers as Airdry.v2. The file was transmitted by a group Mandiant tracks as UNC4034.
Pretty sure this fits the theme of this forum.
Comments
For all of you Mac users not doing system admin full-time and just wanting a quick and easy SSH client:
There’s a neat trick where you can create a config file in the .ssh folder, naming the host, and entering all of the details, such as a file path to the private key and the username and the IP.
Then, in the default terminal, you just run "ssh [name]" and you’re in.
Real nice.
Or use the old fashioned way.
Use terminal to ssh into your server with allow/deny rules. Static IP is a given for that of course.
One statement in the ArsTechnica article bothered me:
I thought they mounted as virtual drives, not launched as virtual machines. That's what happens on a Windows 10 virtual machine, but I do not have convenient access to Windows on real hardware. I looked at the default applications settings, but there was no listing for ".iso" in the "default applications by extension" list. I note that Hyper-V is not installed on this Windows system.
Can someone here point me to documentation that describes this auto-launching virtual machine behavior for .iso files, and where the Windows setting is for it? I find it hard to believe that Microsoft would default to behavior that could automatically launch embedded executables.
This probably is the best approach.
I've also used either a .bash_profile with aliases like
Or a script you call with "goto server1" that plugs keys/ports/options.
Why not just use ~/.ssh/config which is designed for exactly this kind of stuff and works the same on every platform?
Maybe because people are lazy; and server1 is quicker to type than ssh server1. Well, you could also properly use ~/.ssh/config for all configurations and then do alias server1="ssh server1" for the sake of laziness.
It's no fun if you can't use BASH
Laziness is borderless.
PuTTY used to be the only choice on Windows.
Now I have Git for Windows that includes ssh.exe.
I primarily use normal .ssh/config just like on Linux computers. I even have (manual) synchronization of the config file.
There's an OpenSSH Client component in Windows.
However, I found that it lacks certain features, such as ProxyJump.
Hence I use the program from Git for Windows.
I screwed myself with this one just recently. My IP wasn't officially static at home, but I'd had the same IP for ~12 years, across different modems and routers, so I figured I'd throw an extra layer of security on my dedi that I don't bother with on VPSs. Spectrum decided to redo all of my area's hardware, and absolutely wrecked my day. No big deal, I added two of my VPS IPs to the firewall also just for this situation, except they were both VirMach VPSs that moved to a new IP with ryzen migrations, and I hadn't got around to updating those rules either. Whoops.
Yeah, that's why I need to pay €6/mo from Telia to keep my static on my home connection.
But that 6 euros at least gives me peace of mind.
You're right, they're wrong. With the right default setting, double clicking an ISO only mounts as virtual drive.
There are autoruns that could be on an ISO, but I'm sure you have to jump through hoops to enable running autoruns since it's been an attack vector for decades.
Are there any Linux "try before installing" ISOs that could run a Linux VM in Windows by running the autoruns?
You can get a static IP a cheaper way: create a VM and use WireGuard. This way you get a static IP, and when you use public WiFi you know that traffic is encrypted.
"PuTTY is an open source secure shell and telnet application. Secure versions of it are signed by the official developer. The version sent in the WhatsApp message was not signed."