• 0 Posts
  • 2 Comments
Joined 3 years ago
Cake day: June 20th, 2023
  • folekaule@lemmy.worldtoTechnology@lemmy.worldGoodbye device ownership, and the last vestiges of free speech will die with this bill as well.English
    19·
    3 days ago

    They have many ways to do this if they want:

    • go after US entities, like the Linux Foundation. They only need to go after enough to make them fall in line
    • Make it illegal to distribute non compliant systems, including downloads
    • Make it illegal to operate or even possess a non compliant system

    Even if they don’t go after individuals they can do a lot of damage in restricting trade and business use of something. The mere threat of legal action is though to make business owners nope out.

    It’s already risky to draw attention to yourself by using privacy focused phones when traveling. It’s the ultimate “if your have nothing to hide why are you worried” situation.

    They’re forcing legitimate users to either give up or go underground and risk being seen as criminals.

  • folekaule@lemmy.worldtoSelfhosted@lemmy.worldQuestion for Reasonable Security in New Server SetupEnglish
    5·
    4 days ago

    I’m not a cyber security expert, but I think about it this way:

    First, consider your threat model. What could possibly go wrong? What do I do if the worst thing happens? What information do I need to protect? If everything is already public (like blog posts), maybe there isn’t much of a threat of information loss. If you keep your tax documents on there, maybe rethink that.

    Second: think defense in depth. None of these measures will make you totally safe, but every barrier is another thing that can make a hacker’s life more difficult. You move the ssh port and it’s not as easily found by someone who’s just literally scanning the entire Internet for open ssh ports. It’s trivial to find, sure, but at least you dodged one bullet.

    OK, they found your ssh port. Now they’re gonna start scanning for common username/password combinations. Fail2ban will stop this by blocking access after a few failures. If your credentials have leaked somewhere, the hackers may have a good guess at it though. But you’re OK because you’re using a key pair not your usual password (please don’t have a “usual password”).

    Bad luck: they guessed your password. Or maybe they exploited a bug in your web server software (must have been a zero-day because you kept things up to date). Their exploit needs to open a server port for them to talk to, though. You blocked it on your firewall so that didn’t work. They try a reverse shell, but you blocked outgoing connections, too. Well done.

    And on it goes.

    If they keep trying, they will eventually succeed, but they have to try a lot harder when you lock things down, and the longer they are at it, the more opportunity you have to notice.