• Contend6248@feddit.de
      link
      fedilink
      arrow-up
      14
      ·
      edit-2
      7 个月前

      And my houshold 😁

      Ther is for sure a 2.5k line powershell script from someone totally trustworthy which fixes this issue though

      • Zuberi 👀@lemmy.dbzer0.com
        link
        fedilink
        arrow-up
        3
        ·
        7 个月前

        Can’t find out the flavor on any websites. It might be a custom one and I imagine sharing the info would be more of a security risk.

        • Umbrias@beehaw.org
          link
          fedilink
          arrow-up
          2
          ·
          7 个月前

          It won’t be a security risk once it’s in use, IT across Germany will know within days of deployment. It will almost definitely be a modified version of some probably well known Linux.

          • Zuberi 👀@lemmy.dbzer0.com
            link
            fedilink
            arrow-up
            2
            arrow-down
            1
            ·
            7 个月前

            No sense in giving an adversary info on the distro before it’s fully implemented though I imagine. (I would consider that a head-start even if they heavily modify a popular distro)

            Giving the See👁️Aye advanced notice wouldn’t be smart, no matter how they wanted to play it.

            It won’t be a security risk once it’s in use

            I agree

            • Umbrias@beehaw.org
              link
              fedilink
              arrow-up
              1
              arrow-down
              1
              ·
              7 个月前

              I don’t think it really matters whether a potential adversary has a ‘head start’ all that much, security through obscurity doesn’t work super well when it’s going to be deployed to thousands of easily accessible devices anyway. It’d only just be a defense in depth, but even then meh. But it’s neither here nor there, they’ll do it whatever way they feel is best.

              • Zuberi 👀@lemmy.dbzer0.com
                link
                fedilink
                arrow-up
                1
                ·
                7 个月前

                Basically all of social engineering is to get exactly what you’re talking about, a “head start”

                Go to their LinkedIn: does the head engineer have MySQL version X on his skills, resume, job description, etc? Maybe somebody even endorsed them for it? “Wow they are THE best database administrator”

                Now you know who you need to hack for their database access AND what zero days to research.

                ANY info will be an attack vector

                • Umbrias@beehaw.org
                  link
                  fedilink
                  arrow-up
                  1
                  arrow-down
                  1
                  ·
                  edit-2
                  7 个月前

                  Social engineering is to gain access circumventing downcode, not really “get a head start”…

                  Most attacks are entirely social engineering. You’re not breaking into secure databases by pulling ridiculous zero day backdoors when it’s much easier to convince an intern to download a file or give you access directly. These super involved attacks are state actors, and no amount of trying to hide what Linux version is being modified will do anything for you there.

                  State actors of course also use social engineering

                  Ultimately the point is hacking really doesn’t involve the kind of subterfuge you’re describing here in a way where " what Linux is it " matters at all. I mean, windows is used for secure systems across the world, it’s hardly secretive.