Comment on Basic Security for your Website | Loudwhisper
kitnaht@lemmy.world 3 months agoI mean we just had nvd.nist.gov/vuln/detail/CVE-2024-6387 – so my guess is that you’re updating quite often to be so confident in your unattended upgrades.
Comment on Basic Security for your Website | Loudwhisper
kitnaht@lemmy.world 3 months agoI mean we just had nvd.nist.gov/vuln/detail/CVE-2024-6387 – so my guess is that you’re updating quite often to be so confident in your unattended upgrades.
loudwhisper@infosec.pub 3 months ago
Yeah I know (I mentioned it myself in the post), but realistically there is no much you can do besides upgrading. Unattended upgrades kick in once a day and you will install the security patches ASAP. There are also virtual patches (crowdsec has a virtual patch for that CVE), but they might not be very effective.
I argue that VPN software is a smaller attack surface, but the problem still exists (CVEs) for everything you expose.