Byla vydána (𝕏) nová verze 24.7 open source firewallové a routovací platformy OPNsense (Wikipedie). Jedná se o fork pfSense postavený na FreeBSD. Kódový název OPNsense 24.7 je Thriving Tiger. Přehled novinek v příspěvku na fóru.
Binarly REsearch upozorňuje na bezpečnostní problém PKFail (YouTube) v ekosystému UEFI. Stovky modelů zařízení používají pro Secure Boot testovací Platform Key vygenerovaný American Megatrends International (AMI) a jeho privátní část byla při úniku dat prozrazena. Do milionů zařízení (seznam v pdf) po celém světě tak útočníci mohou do Secure Bootu vložit podepsaný malware. Otestovat firmware si lze na stránce pk.fail. Ukázka PoC na Linuxu na Windows na YouTube.
Mobilní operační systém /e/OS (Wikipedie) založený na Androidu / LineageOS, ale bez aplikací a služeb od Googlu, byl vydán ve verzi 2.2 (Mastodon, 𝕏). Přehled novinek na GitLabu. Vypíchnuta je rodičovská kontrola.
Společnost OpenAI představila vyhledávač SearchGPT propojující OpenAI modely umělé inteligence a informace z webů v reálném čase. Zatím jako prototyp pro vybrané uživatele. Zapsat se lze do pořadníku čekatelů.
Distribuce Linux Mint 22 „Wilma“ byla vydána. Je založená na Ubuntu 24.04 LTS, ale s desktopovým prostředím Cinnamon (aktuálně verze 6.2), příp. MATE nebo Xfce, balíkem aplikací XApp, integrací balíčků Flatpak a dalšími změnami. Více v přehledu novinek a poznámkách k vydání.
Příspěvek na blogu Truffle Security: Kdokoli může přistupovat ke smazaným a privátním repozitářům na GitHubu.
Byla vydána nová verze 14 integrovaného vývojového prostředí (IDE) Qt Creator. Podrobný přehled novinek v cgitu. Vypíchnout lze podporu rozšíření v Lua.
Byla vydána verze 1.80.0 programovacího jazyka Rust (Wikipedie). Podrobnosti v poznámkách k vydání. Vyzkoušet Rust lze například na stránce Rust by Example.
Apple oznámil, že v beta verzi spustil své Apple Maps na webu. Podporován je také webový prohlížeč Chrome. Ne však na Linuxu.
Portál Stack Overflow po roce opět vyzpovídal své uživatele, jedná se především o vývojáře softwaru, a zveřejnil detailní výsledky průzkumu. Průzkumu se letos zúčastnilo více než 65 tisíc vývojářů. Z Česka jich bylo 710. Ze Slovenska 246.
root@mail:~# tail -f /var/log/syslog Nov 12 11:23:14 mail named[16894]: client 68.2.181.144#57619: query (cache) 'sema.cz/ANY/IN' deniedTie zaznamy sa stale opakuju
root@mail:~# tail -f /var/log/query.log client 68.2.181.144#26821: query: sema.cz IN ANY +E (192.168.0.31)Chcem len vediet ci to mam dobre zabezpecene, alebo nieco mi tam este chyba. Na nete som asi nieco ako open dns, ale to moc nechcem. Konfiguraky: named.conf
root@mail:~# cat /etc/bind/named.conf include "/etc/bind/named.conf.options"; include "/etc/bind/named.conf.local"; include "/etc/bind/named.conf.default-zones"; include "/etc/bind/rndc.key"; controls { inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; }; }; trusted-keys { dlv.isc.org. 257 3 5 "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; };named.conf.local
root@mail:~# cat /etc/bind/named.conf.local logging { channel query.log { file "/var/log/query.log"; // Set the severity to dynamic to see all the debug messages. severity debug 3; }; category queries { query.log; }; }; + Zonove zaznamynamed.conf.options
root@mail:~# cat /etc/bind/named.conf.options acl "allowed" { 192.168.5.0/24; 192.168.10.0/24; localhost; localnets; }; options { directory "/var/cache/bind"; allow-query { any; }; allow-recursion { allowed; }; allow-query-cache { allowed; }; forwarders { 8.8.8.8; 8.8.4.4; 195.210.29.64; }; rate-limit { responses-per-second 5; }; forward only; dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto; also-notify {}; fetch-glue no; };
root@mail:~# time tail -f /var/log/query.log client 221.229.162.197#30569: query: wradish.com IN ANY +E (192.168.0.31) client 221.229.162.197#30569: slip REFUSED response to 221.229.162.0/24 client 221.229.162.197#6948: query: wradish.com IN ANY +E (192.168.0.31) client 221.229.162.197#6948: drop REFUSED response to 221.229.162.0/24 client 221.229.162.197#1216: query: wradish.com IN ANY +E (192.168.0.31) client 221.229.162.197#1216: slip REFUSED response to 221.229.162.0/24 client 221.229.162.197#45720: query: wradish.com IN ANY +E (192.168.0.31) client 221.229.162.197#45720: drop REFUSED response to 221.229.162.0/24 client 221.229.162.197#11571: query: wradish.com IN ANY +E (192.168.0.31) client 221.229.162.197#11571: slip REFUSED response to 221.229.162.0/24 client 221.229.162.197#1768: query: wradish.com IN ANY +E (192.168.0.31) client 221.229.162.197#1768: drop REFUSED response to 221.229.162.0/24 client 80.250.115.133#22297: query: wradish.com IN ANY +E (192.168.0.31) client 80.250.115.133#22297: drop REFUSED response to 80.250.115.0/24 client 80.250.115.133#58805: query: wradish.com IN ANY +E (192.168.0.31) client 80.250.115.133#58805: slip REFUSED response to 80.250.115.0/24 client 221.229.162.197#17687: query: wradish.com IN ANY +E (192.168.0.31) client 221.229.162.197#17687: slip REFUSED response to 221.229.162.0/24 client 221.229.162.197#3585: query: wradish.com IN ANY +E (192.168.0.31) client 221.229.162.197#3585: drop REFUSED response to 221.229.162.0/24 client 80.250.115.133#16553: query: wradish.com IN ANY +E (192.168.0.31) client 80.250.115.133#16553: drop REFUSED response to 80.250.115.0/24 client 221.229.162.197#9780: query: wradish.com IN ANY +E (192.168.0.31) client 221.229.162.197#9780: slip REFUSED response to 221.229.162.0/24 client 221.229.162.197#49030: query: wradish.com IN ANY +E (192.168.0.31) client 221.229.162.197#49030: drop REFUSED response to 221.229.162.0/24 client 221.229.162.197#4523: query: wradish.com IN ANY +E (192.168.0.31) client 221.229.162.197#4523: slip REFUSED response to 221.229.162.0/24 client 221.229.162.197#63228: query: wradish.com IN ANY +E (192.168.0.31) client 221.229.162.197#63228: drop REFUSED response to 221.229.162.0/24 client 221.229.162.197#29943: query: wradish.com IN ANY +E (192.168.0.31) client 221.229.162.197#29943: slip REFUSED response to 221.229.162.0/24 client 80.250.115.133#2142: query: wradish.com IN ANY +E (192.168.0.31) client 80.250.115.133#2142: slip REFUSED response to 80.250.115.0/24 client 221.229.162.197#12853: query: wradish.com IN ANY +E (192.168.0.31) client 221.229.162.197#12853: drop REFUSED response to 221.229.162.0/24 client 221.229.162.197#18454: query: wradish.com IN ANY +E (192.168.0.31) client 221.229.162.197#18454: slip REFUSED response to 221.229.162.0/24 client 221.229.162.197#12803: query: wradish.com IN ANY +E (192.168.0.31) client 221.229.162.197#12803: drop REFUSED response to 221.229.162.0/24 client 221.229.162.197#11976: query: wradish.com IN ANY +E (192.168.0.31) client 221.229.162.197#11976: slip REFUSED response to 221.229.162.0/24 client 221.229.162.197#42548: query: wradish.com IN ANY +E (192.168.0.31) client 221.229.162.197#42548: drop REFUSED response to 221.229.162.0/24 client 80.250.115.133#27375: query: wradish.com IN ANY +E (192.168.0.31) client 80.250.115.133#27375: drop REFUSED response to 80.250.115.0/24 client 221.229.162.197#17555: query: wradish.com IN ANY +E (192.168.0.31) client 221.229.162.197#17555: slip REFUSED response to 221.229.162.0/24 client 221.229.162.197#46601: query: wradish.com IN ANY +E (192.168.0.31) client 221.229.162.197#46601: drop REFUSED response to 221.229.162.0/24 client 221.229.162.197#51315: query: wradish.com IN ANY +E (192.168.0.31) client 221.229.162.197#51315: slip REFUSED response to 221.229.162.0/24 client 80.250.115.133#48420: query: wradish.com IN ANY +E (192.168.0.31) client 80.250.115.133#48420: slip REFUSED response to 80.250.115.0/24 client 221.229.162.197#33798: query: wradish.com IN ANY +E (192.168.0.31) client 221.229.162.197#33798: drop REFUSED response to 221.229.162.0/24 client 80.250.115.133#3435: query: wradish.com IN ANY +E (192.168.0.31) client 80.250.115.133#3435: drop REFUSED response to 80.250.115.0/24 client 221.229.162.197#58059: query: wradish.com IN ANY +E (192.168.0.31) client 221.229.162.197#58059: slip REFUSED response to 221.229.162.0/24 client 221.229.162.197#62829: query: wradish.com IN ANY +E (192.168.0.31) client 221.229.162.197#62829: drop REFUSED response to 221.229.162.0/24 client 221.229.162.197#25584: query: wradish.com IN ANY +E (192.168.0.31) client 221.229.162.197#25584: slip REFUSED response to 221.229.162.0/24 client 221.229.162.197#32870: query: wradish.com IN ANY +E (192.168.0.31) client 221.229.162.197#32870: drop REFUSED response to 221.229.162.0/24 client 221.229.162.197#64117: query: wradish.com IN ANY +E (192.168.0.31) client 221.229.162.197#64117: slip REFUSED response to 221.229.162.0/24 client 221.229.162.197#21581: query: wradish.com IN ANY +E (192.168.0.31) client 221.229.162.197#21581: drop REFUSED response to 221.229.162.0/24 client 80.250.115.133#48471: query: wradish.com IN ANY +E (192.168.0.31) client 80.250.115.133#48471: slip REFUSED response to 80.250.115.0/24 client 221.229.162.197#39125: query: wradish.com IN ANY +E (192.168.0.31) client 221.229.162.197#39125: slip REFUSED response to 221.229.162.0/24 client 221.229.162.197#64811: query: wradish.com IN ANY +E (192.168.0.31) client 221.229.162.197#64811: drop REFUSED response to 221.229.162.0/24 client 80.250.115.133#50582: query: wradish.com IN ANY +E (192.168.0.31) client 80.250.115.133#50582: drop REFUSED response to 80.250.115.0/24 client 221.229.162.197#2589: query: wradish.com IN ANY +E (192.168.0.31) client 221.229.162.197#2589: slip REFUSED response to 221.229.162.0/24 client 221.229.162.197#42520: query: wradish.com IN ANY +E (192.168.0.31) client 221.229.162.197#42520: drop REFUSED response to 221.229.162.0/24 client 221.229.162.197#14914: query: wradish.com IN ANY +E (192.168.0.31) client 221.229.162.197#14914: slip REFUSED response to 221.229.162.0/24 client 80.250.115.133#19227: query: wradish.com IN ANY +E (192.168.0.31) client 80.250.115.133#19227: slip REFUSED response to 80.250.115.0/24 client 221.229.162.197#6794: query: wradish.com IN ANY +E (192.168.0.31) client 221.229.162.197#6794: drop REFUSED response to 221.229.162.0/24 client 221.229.162.197#57811: query: wradish.com IN ANY +E (192.168.0.31) client 221.229.162.197#57811: slip REFUSED response to 221.229.162.0/24 client 221.229.162.197#46059: query: wradish.com IN ANY +E (192.168.0.31) client 221.229.162.197#46059: drop REFUSED response to 221.229.162.0/24 client 221.229.162.197#7354: query: wradish.com IN ANY +E (192.168.0.31) client 221.229.162.197#7354: slip REFUSED response to 221.229.162.0/24 real 0m1.260s user 0m0.004s sys 0m0.000s
Nevidím tam nikde DNSSEC, takže to máš naprosto nezabezpečené.
Tiskni
Sdílej: