Comment on Windows RDP lets you log in using revoked passwords. Microsoft is OK with that. - Ars Technica
SL3wvmnas@discuss.tchncs.de 3 days ago
“We originally looked at a code change for this issue, but after further review of design documentation, changes to code could break compatibility with functionality used by many applications.”
Year of the Linux (Server|Desktop). Seriously. If you are in IT pls look into this (and hide your RDP server behind some VPN. No not MS RDP Gateway.)
the_crotch@sh.itjust.works 3 days ago
Anyone who isn’t doing this already is dumb. Same goes for exposing ssh publicly. I don’t care that you’re using a cert to log in, if there’s a 0 day in the openssh server you’re boned
maxwellfire@lemmy.world 2 days ago
If there’s a 0 day in the VPN software then I’m also probably boned. The chances of that seem on par with the likelihood of an openssh vulnerability? I feel like VPNs are useful to secure services without good authentication, but their use in front of an openssh server has never made much sense to me.
the_crotch@sh.itjust.works 2 days ago
Hypothetically, assuming you have the VPN range locked down reasonably well, they would have to breach the VPN and then also breach the other services once they’re on your network.