Latest security vulnerabilities
AFAIK, Urpad has recently been hit by the Supermicro IPMI vulnerability (correct me if I am wrong). I wonder who else was equally unlucky?
I would like to know whether all OpenVZ VPS providers active on LET have applied the patch to handle the OpenVZ vulnerability (the flaw allowing access to the file system outside the container)?
It becomes more and more horrible to even think of having a VPS anywhere. The year 2014 is rich in vulnerabilities so far.
Comments
Many of them patch servers, so you don't have to worry about that; just take a look at vulnerabilities, and if you order a server and the kernel is old or something, request a refund.
Many of them are ok.
They can't guess which vulnerability is going to appear each day, so I'm ok.
99% of providers here take care of that.
No, I do care. And, to be honest, it's not a question of a refund. I need a secure and safe environment, not the ability to get refunded and start looking for another provider.
AFAIK, OpenVZ is still the "leader" when talking about limitations and vulnerabilities.
You need to pay a premium for that. You cannot expect enterprise level service and security from a one man show for $7. Most of the very popular services patched very quickly, and many of the smaller ones have too.
As far as I can tell, it's not a question of "who" is being hacked, but why.
I saw an IPMI exploitation on our pm25 before we decommissioned it. Since it leaves clear trails it was easy to check everything, and now all are behind an ACL and most were also behind NAT anyway, following the corporate rule, so no worries now. It needed a reboot to be rooted and I saw the attack in progress, how the daemon account was given privileges and a shell; of course, we chose to move everyone out and repurpose the server even though we saw everything that was done and we undid it the minute the server was back up.
Having 24/7 supervision and alerts each time a server goes down or loads up pays off, but it cannot protect against all vulnerabilities.
This is a continuous guerrilla war and nobody can guarantee absolute security. Not even the NSA.
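The post above describes the mitigation that actually closed the IPMI exposure: putting the BMC behind an ACL and on a NAT'd management network. As an added example (not code from this thread or from any provider), here is a small audit that parses the output of `ipmitool lan print` and flags BMCs whose address is not on an RFC 1918 management network. The sample output below is constructed; the field labels follow the real `ipmitool lan print` format, and the RFC 1918 ranges are the assumed definition of "private management network".

```python
import ipaddress

# Constructed sample of `ipmitool lan print` output for a BMC that was
# given a routable address (the situation the post describes).
SAMPLE_BMC_EXPOSED = """\
Set in Progress         : Set Complete
IP Address Source       : Static Address
IP Address              : 203.0.113.25
Subnet Mask             : 255.255.255.0
MAC Address             : 00:25:90:aa:bb:cc
Default Gateway IP      : 203.0.113.1
"""

# Constructed sample for the same BMC after it was moved behind NAT.
SAMPLE_BMC_PRIVATE = """\
Set in Progress         : Set Complete
IP Address Source       : Static Address
IP Address              : 10.10.0.25
Subnet Mask             : 255.255.255.0
MAC Address             : 00:25:90:aa:bb:cc
Default Gateway IP      : 10.10.0.1
"""

# Assumed definition of a "private management network": the RFC 1918 blocks.
RFC1918_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def parse_lan_print(text):
    """Turn `ipmitool lan print` output into a dict of label -> value.

    Only the first ':' separates label from value, so values that contain
    colons themselves (the MAC address) are kept intact.
    """
    fields = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        label, _, value = line.partition(":")
        fields[label.strip()] = value.strip()
    return fields


def bmc_exposure(text):
    """Report whether the BMC in this output sits on an RFC 1918 network.

    Returns a dict with the parsed IP, the verdict, and a short note a
    practitioner can paste into an audit ticket.
    """
    fields = parse_lan_print(text)
    ip = ipaddress.ip_address(fields["IP Address"])
    on_private = any(ip in net for net in RFC1918_NETS)
    note = (
        "BMC is on a private management network; still restrict it with an ACL."
        if on_private
        else "BMC has a routable address: move it behind NAT/ACL and audit its logs."
    )
    return {"ip": str(ip), "on_rfc1918_net": on_private, "note": note}


if __name__ == "__main__":
    for sample in (SAMPLE_BMC_EXPOSED, SAMPLE_BMC_PRIVATE):
        print(bmc_exposure(sample))
```

In practice the text passed to `bmc_exposure` would come from `ipmitool lan print` run on each host (or from `ipmitool -H <bmc> ... lan print` over the management network); the check is deliberately only about placement, since that is the control the post says ended the incident.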
But you can from a $5 DO, or a $10 Linode.
Cheap is not an excuse, and paying more is not the solution.
I absolutely disagree. Paying more doesn't mean receiving more quality. It's a question of whose services are used, of how well everything is organized there. Price by itself isn't the criterion.
I again disagree. A number of network devices (anything that can be contacted via the 'Net is a network device) are targeted, at times without any plan or even purpose. "Just for fun". This is why.
Of course there are deliberate attacks, but they are almost always sudden and do not necessarily exploit vulnerabilities.