this post was submitted on 11 Jan 2024
118 points (89.3% liked)

Technology

34989 readers
201 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.

Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.

Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago
MODERATORS
MinutePhrase@lemmy.ml
118
Linux devices are under attack by a never-before-seen worm (arstechnica.com)
submitted 10 months ago by mozz@mbin.grits.dev to c/technology@lemmy.ml
20 comments fedilink hide all child comments
 

Based on Mirai malware, self-replicating NoaBot installs cryptomining app on infected devices.

top 20 comments
sorted by: hot top controversial new old
[–] LodeMike 28 points 10 months ago (2 children)

the NoaBot targets weak passwords connecting SSH connections.

Harden your configs people.

AllowUsers is a really goood one.

[–] SeeJayEmm@lemmy.procrastinati.org 18 points 10 months ago (1 children)

Or just don't allow password auth at all.

[–] jose1324@lemmy.world 1 points 10 months ago (1 children)

Or just have a good password

[–] SeeJayEmm@lemmy.procrastinati.org 2 points 10 months ago (2 children)

If we're going to play that game. Require an Ed25519 key with a strong password.

[–] lemmyng@lemmy.ca 2 points 10 months ago

Or ed25519-sk.

[–] mozz@mbin.grits.dev 1 points 10 months ago

https://imgs.xkcd.com/comics/security.png

(In this case the "wrench" is just breaking into some weak link that isn't ssh, once your password is strong to not be a weak link)

[–] sugar_in_your_tea@sh.itjust.works 1 points 10 months ago

Also install something like fail2ban to prevent brute force attacks.

[–] flambonkscious@sh.itjust.works 17 points 10 months ago (2 children)

Akamai has published an extensive library of indicators that people can use to check for signs of NoaBot on their devices (https://github.com/akamai/akamai-security-research/tree/main)

GCs those Akamai folks...

[–] randomperson 12 points 10 months ago (7 children)
[–] flambonkscious@sh.itjust.works 10 points 10 months ago

Good cunts - it's originally an Aussie term of endearment, as far as I'm aware

[–] spongeborgcubepants@lemmy.world 6 points 10 months ago

Garbage Collection

[–] reflex@kbin.social 5 points 10 months ago* (last edited 10 months ago)

What does GC stand for?

Girthy Cocks maybe?
As a compliment, u noe?
Like saying they have Balls of Steel.

[–] sir_pronoun@lemmy.world 3 points 10 months ago

In this context i'm going with Game Chick from that list, because none make sense to me.

[–] randomperson 9 points 10 months ago (1 children)

here's a link to the script. its nothing fancy, but makes it easy to check: https://github.com/akamai/akamai-security-research/blob/main/malware/noabot/noabot_detect.sh

[–] reflex@kbin.social 4 points 10 months ago

here’s a link to the script.

"MagicPussy" doesn't sound that bad. 😏

[–] digdilem@lemmy.ml 6 points 10 months ago

Very poor title, like someone's just got their "Big Book of Clickbait"

Everything is under attack all the time, and everything is never-before-seen until it's seen.

[–] UnfortunateShort@lemmy.world 2 points 10 months ago

I love how in security, we have gone from "use strong passwords" to "don't make your own passwords", because people will just refuse to learn.