A separate vulnerability in Linux allows users with limited rights to escalate to root. Tracked as CVE-2026-43499, it lurked in the OS for 15 years. Researchers from Nebula Security said they discovered it using Vega, Nebula’s AI-assisted vulnerability scanner. Matt Lucas, a researcher and founder of RedEye Security, explained
This will become more and more common as we use AI to find vulnerabilities faster (hopefully) than bad actors can use AI to find vulnerabilities.
Tangent5280@lemmy.world
on 11 Jul 21:27
nextcollapse
If you pay attention you can hear a hundred NSA assholes tear their hair out
This is a reminder that US scientists during the cold war thought fish were russian subs because they didn’t have biologists on staff
Judging by the way they’ve treated big companies in the past the NSA is staffed by a bunch of people who use backroom deals with US tech companies to collect their data mostly.
I actually think a large plurality of them spend most their time tracking/stalking their wives and like people they argued with the day before.
lambalicious@lemmy.sdf.org
on 12 Jul 15:27
collapse
You start as a bully when a kid, then grow up to be a fash / nazi, then they give you a badge and the ability to institutionalize your hate.
LOL! The level condescension sure is right on point Lemmy.That genuinely got a chuckle. In some ways I enjoy being that simple child. Full of wonderment at this universe around him.
lambalicious@lemmy.sdf.org
on 12 Jul 03:50
collapse
Wonderment is cool. The key is to know to keep it as you learn more truths about the world.
That’s a mouthful of a statement, and one that I wrestle with constantly.
mnemonicmonkeys@sh.itjust.works
on 12 Jul 15:31
collapse
Keep in mind that the rate of errors caught by AI will not be consistent. It will drop off over time.
While I’m no fan of AI, that has nothing to do with it. Adding AI to error detection suites is (mostly) fine so long as you don’t remove more tradional methods like code review, manually set up unit tests, and properly reviewing each failed test instead of just letting the AI slop in a patch.
My point is that any test you add to an existing codebase is going to catch a decent number of issues at first, then over time it will drop off as pre-existing issues get resolved. Then you’ll be left with the lower rate of new issues from updates.
AI isn’t a silver bullet. It (sometimes) is another tool in the toolbox.
There was never an actual notion of “security through obscurity”. LInux runs the complete Internet and most coporate server infrastructure. That’s where the actual money is.
People hallucinating that Linux is something obscure simply have no clue and confused their home desktop for real computing. Windows desktops are constantly targeted not because they are -unlike Linux- so wide-spread but because they are already insanely insecure. They are the low hanging fruit where you can cobble together some cheap shit and will still find million of PCs vulnerable. If you want to find a Linux comparison it’s definitely not server or desktops but cheap IoT devices not having seen an update (or any security to speak of) for many years.
For reference: We are talking about guests in a virtual pc escaping it’s container. That’s not something obcure. That’s basically all cloud hoster’s whole business model, thus the reason Google pays a lot of money for finding such exploits.
phailhaus@piefed.social
on 12 Jul 00:47
nextcollapse
Windows desktops are targeted because any place you have a user, you have a vulnerability. The vast majority of Linux installs are servers with extremely limited user activity, which narrows the attack vectors significantly.
The actual notion of “security through obscurity” (that will surely come up on Google if their AI bullshittery hasn’t screwed up completely…) for Linux is insane because open source is the polar opposite. By that definition proprietary code is actually much more linked to the concept.
The often more unprecise and colloquial usage I thus assumed you were using doesn’t apply either, for the reasons I summarised.
So which imaginary definition of “security through obscurity” are you using and assuming that it will come up on Google when none of the real ones makes any sense?
atzanteol@sh.itjust.works
on 12 Jul 17:07
collapse
In security engineering, security through obscurity is the practice of concealing the details or mechanisms of a system to enhance its security. This approach relies on the principle of hiding something in plain sight, akin to a magician’s sleight of hand or the use of camouflage. It diverges from traditional security methods, such as physical locks, and is more about obscuring information or characteristics to deter potential threats. Examples of this practice include disguising sensitive information within commonplace items, like a piece of paper in a book, or altering digital footprints, such as spoofing a web browser’s version number. While not a standalone solution, security through obscurity can complement other security measures in certain scenarios.
You don’t know what you’re talking about - please stop. It’s embarrassing. It’s a long-standing industry term not some weird phrase I just made up. Nobody is saying “Linux is obscure”.
lIlIllIlIIIllIlIlII@lemmy.zip
on 12 Jul 00:54
nextcollapse
Security through obscurity in OSS lol
atzanteol@sh.itjust.works
on 12 Jul 04:02
nextcollapse
The self-hosted crowd thinks reverse proxies protect you from the Internet. Don’t expect too much of them.
nibbler@discuss.tchncs.de
on 12 Jul 09:16
nextcollapse
The selfhosted guys are correct with that. Of course its not a magic pill, but it can help to minimize the attack surface immensely with little effort.
Edit: while open ports can easily be enumerated, a reverse proxy often requires knowledge of the right server name. In tls1.3 those are not transferred in clear. Depending on your thread scenario you might want to consider doh/dot etc.
Reverse proxies can require client certs, which lift the security benefit to something like a vpn. Even basic auth adds a high threshold to attackers and is simple even for random users to work with. All this is functionality many services don’t offer natively - as they assume a reverse proxy anyway I guess.
atzanteol@sh.itjust.works
on 12 Jul 12:30
collapse
See what I mean?
As if a proxy blindly passing traffic directly to a backend server “reduces attack surface” in any meaningful way. 🙄
Edit: Guy edits his post with a bunch of stuff and assumes I’ve read it later. I can’t eyeroll enough…
You’ve increased your “attack surface” by adding a second application to the stack. Proxies aren’t magic, they are also targets.
Sure - you can do those things on a proxy. How many people here are? And why are those things never suggested when people here say “use a reverse proxy”? Because they think the proxy is the security.
nibbler@discuss.tchncs.de
on 12 Jul 12:51
collapse
Did you just add ‘blindly passing traffic’ to your statement? Did you read my comment about can help?
Move on, joker.
atzanteol@sh.itjust.works
on 12 Jul 13:09
collapse
Sorry - which part of your comment added anything of value? “can help to minimize the attack surface”? 99% of the time a proxy just passes traffic through. Unless you’re talking about a WAF which is a) a different thing and b) NOT what any home gamers are talking about when they recommend nginx, traefik, etc. to newbs.
nibbler@discuss.tchncs.de
on 12 Jul 13:10
collapse
Lol
atzanteol@sh.itjust.works
on 12 Jul 13:13
collapse
You can’t be real 😂 best laugh I’ve had in a while. Thanks for that.
lIlIllIlIIIllIlIlII@lemmy.zip
on 12 Jul 10:52
collapse
You are right about that a reverse proxy does not protect. But I can not relate that with security through obscurity.
Natanox@discuss.tchncs.de
on 12 Jul 08:45
nextcollapse
I don’t know where you got the notion from that Linux as a whole uses this concept, but it’s nonsense. There’s exactly one place where this definition fits, which is the GRUB bootloader encryption (which merely shifts the target for the Evil Maid attack from the initramfs to GRUB). But this is already adressed with Verified Boot.
Nothing else, let it be LUKS, PAM, SELinux, AppArmor or whatever has any business with STO.
From the fact it used to have to smallest user base of the big three. Less users = less probability of a nefarious person.
It’s really not that difficult a concept. I’m surprised people here are asking what it is.
Natanox@discuss.tchncs.de
on 12 Jul 11:22
collapse
That doesn’t make any sense as argument no matter how you spin it. Linux is the dominant system for servers for decades now, and a Debian Desktop is quite literally the same as Debian on a server except it also got a GUI of your choice slapped on top. There’s absolutely nothing obscure about it, neither did anyone from the kernel team (Linux), FSF (GNU utils) nor IBM / Red Hat (systemd & honestly way too much other stuff) etc. ever design something around STO. That’s a domain firmly situated in proprietary code since for FOSS it doesn’t make sense to begin with. The false errand of GRUB is the sole exception, well known and solved.
The desktop market share says absolutely nothing about what you’re trying to argue. Now if you were to argue that Linux is lacking in terms of desktop software isolation then you’d have a point, things like Flatpak still are addressing lots of issues. But to say “Linux” approaches security with obscurity is total nonsense.
mnemonicmonkeys@sh.itjust.works
on 12 Jul 15:36
nextcollapse
Linux’s “security through obscurity”
I lost braincells reading this. The entire point of open source software is to have it visible and auditable, aka the exact opposite of security through obscurity.
If you want to bash OS’s for relying on STO, go after iOS and Windows. Those OS’s, being closed source, are the ones relying on it
threaded - newest
This will become more and more common as we use AI to find vulnerabilities faster (hopefully) than bad actors can use AI to find vulnerabilities.
If you pay attention you can hear a hundred NSA assholes tear their hair out
20 years of hoarding CVEs down the drain.
Now they’ll never be able to gg ez their way into any country and will have to actually use their bribery budget to get more implants lol.
Which means the new paradigm will be ‘every piece of hardware is a supply chain attack.’
cough TPM 2 cough
You don’t think frontier AI models are leaving some out deliberately?
If they leave it out someone else will find it, the days of leaving things out deliberately past.
Oh small, simple child: who do you think has the better access to AI in the first place?
The companies who are training AI… On Linux servers?
Wait no, obviously smaller actors you’re referring to with your mysterious comment.
Or maybe all the follow on tech companies that are the largest customers using AI aaand who also mostly use Linux
No no I’ve got it wrong, US government entities want a backdoor so restrict AI releasing, then during that window exploit non-US companies using Linux
It goes right to the top!
Well, you know … “them”
Almost sounds like a pejorative when you say it like that! :p
This is a reminder that US scientists during the cold war thought fish were russian subs because they didn’t have biologists on staff
Judging by the way they’ve treated big companies in the past the NSA is staffed by a bunch of people who use backroom deals with US tech companies to collect their data mostly.
I actually think a large plurality of them spend most their time tracking/stalking their wives and like people they argued with the day before.
You start as a bully when a kid, then grow up to be a fash / nazi, then they give you a badge and the ability to institutionalize your hate.
Didn’t downvote you but…
LOL! The level condescension sure is right on point Lemmy.That genuinely got a chuckle. In some ways I enjoy being that simple child. Full of wonderment at this universe around him.
Wonderment is cool. The key is to know to keep it as you learn more truths about the world.
That’s a mouthful of a statement, and one that I wrestle with constantly.
Keep in mind that the rate of errors caught by AI will not be consistent. It will drop off over time.
While I’m no fan of AI, that has nothing to do with it. Adding AI to error detection suites is (mostly) fine so long as you don’t remove more tradional methods like code review, manually set up unit tests, and properly reviewing each failed test instead of just letting the AI slop in a patch.
My point is that any test you add to an existing codebase is going to catch a decent number of issues at first, then over time it will drop off as pre-existing issues get resolved. Then you’ll be left with the lower rate of new issues from updates.
AI isn’t a silver bullet. It (sometimes) is another tool in the toolbox.
I would fully agree with that statement.
Linux’s “security through obscurity” was never going to last.
Edit: it’s a common concept in hacking. Shorthand for a type of security through improbability.
Security through what now?
Well, I guess it is obscure… Though only because the number of people who have a full grasp on how the code works is highly limited.
There was never an actual notion of “security through obscurity”. LInux runs the complete Internet and most coporate server infrastructure. That’s where the actual money is.
People hallucinating that Linux is something obscure simply have no clue and confused their home desktop for real computing. Windows desktops are constantly targeted not because they are -unlike Linux- so wide-spread but because they are already insanely insecure. They are the low hanging fruit where you can cobble together some cheap shit and will still find million of PCs vulnerable. If you want to find a Linux comparison it’s definitely not server or desktops but cheap IoT devices not having seen an update (or any security to speak of) for many years.
For reference: We are talking about guests in a virtual pc escaping it’s container. That’s not something obcure. That’s basically all cloud hoster’s whole business model, thus the reason Google pays a lot of money for finding such exploits.
Windows desktops are targeted because any place you have a user, you have a vulnerability. The vast majority of Linux installs are servers with extremely limited user activity, which narrows the attack vectors significantly.
In any system, the human is usually the weakest link.
You could have just said that you don’t know what “security through obscurity” is.
You are right. I don’t know what your personal definition of “security through obscurity” is as it’s very obviously not matching actual reality.
Just google the term next time rather than embarrassing yourself.
Yes, please do.
The actual notion of “security through obscurity” (that will surely come up on Google if their AI bullshittery hasn’t screwed up completely…) for Linux is insane because open source is the polar opposite. By that definition proprietary code is actually much more linked to the concept.
The often more unprecise and colloquial usage I thus assumed you were using doesn’t apply either, for the reasons I summarised.
So which imaginary definition of “security through obscurity” are you using and assuming that it will come up on Google when none of the real ones makes any sense?
OMG.
en.wikipedia.org/wiki/Security_through_obscurity
You don’t know what you’re talking about - please stop. It’s embarrassing. It’s a long-standing industry term not some weird phrase I just made up. Nobody is saying “Linux is obscure”.
Security through obscurity in OSS lol
The self-hosted crowd thinks reverse proxies protect you from the Internet. Don’t expect too much of them.
The selfhosted guys are correct with that. Of course its not a magic pill, but it can help to minimize the attack surface immensely with little effort.
Edit: while open ports can easily be enumerated, a reverse proxy often requires knowledge of the right server name. In tls1.3 those are not transferred in clear. Depending on your thread scenario you might want to consider doh/dot etc.
Reverse proxies can require client certs, which lift the security benefit to something like a vpn. Even basic auth adds a high threshold to attackers and is simple even for random users to work with. All this is functionality many services don’t offer natively - as they assume a reverse proxy anyway I guess.
See what I mean?
As if a proxy blindly passing traffic directly to a backend server “reduces attack surface” in any meaningful way. 🙄
Edit: Guy edits his post with a bunch of stuff and assumes I’ve read it later. I can’t eyeroll enough…
Did you just add ‘blindly passing traffic’ to your statement? Did you read my comment about can help?
Move on, joker.
Sorry - which part of your comment added anything of value? “can help to minimize the attack surface”? 99% of the time a proxy just passes traffic through. Unless you’re talking about a WAF which is a) a different thing and b) NOT what any home gamers are talking about when they recommend nginx, traefik, etc. to newbs.
Lol
Enjoy your “security”. 🙄
You can’t be real 😂 best laugh I’ve had in a while. Thanks for that.
You are right about that a reverse proxy does not protect. But I can not relate that with security through obscurity.
I don’t know where you got the notion from that Linux as a whole uses this concept, but it’s nonsense. There’s exactly one place where this definition fits, which is the GRUB bootloader encryption (which merely shifts the target for the Evil Maid attack from the initramfs to GRUB). But this is already adressed with Verified Boot.
Nothing else, let it be LUKS, PAM, SELinux, AppArmor or whatever has any business with STO.
From the fact it used to have to smallest user base of the big three. Less users = less probability of a nefarious person.
It’s really not that difficult a concept. I’m surprised people here are asking what it is.
That doesn’t make any sense as argument no matter how you spin it. Linux is the dominant system for servers for decades now, and a Debian Desktop is quite literally the same as Debian on a server except it also got a GUI of your choice slapped on top. There’s absolutely nothing obscure about it, neither did anyone from the kernel team (Linux), FSF (GNU utils) nor IBM / Red Hat (systemd & honestly way too much other stuff) etc. ever design something around STO. That’s a domain firmly situated in proprietary code since for FOSS it doesn’t make sense to begin with. The false errand of GRUB is the sole exception, well known and solved.
The desktop market share says absolutely nothing about what you’re trying to argue. Now if you were to argue that Linux is lacking in terms of desktop software isolation then you’d have a point, things like Flatpak still are addressing lots of issues. But to say “Linux” approaches security with obscurity is total nonsense.
I lost braincells reading this. The entire point of open source software is to have it visible and auditable, aka the exact opposite of security through obscurity.
If you want to bash OS’s for relying on STO, go after iOS and Windows. Those OS’s, being closed source, are the ones relying on it
I don’t think that word means what you think it means.
If it was microsoft they would ban github and gitlab account and not give cve.
I’m not a big Google fan but I will give credit where credit is due
They do put their money where their mouth is
I hate google but they still pay good money to opensource and take responsibility by organizing google summer of code.