this post was submitted on 26 Jul 2024
71 points (100.0% liked)

Sysadmin

5583 readers
1 users here now

A community dedicated to the profession of IT Systems Administration

founded 5 years ago
MODERATORS
 

TLDR: An AMI testkey was used in production by a bunch of manufacturers. The key has now been leaked.

all 9 comments
sorted by: hot top controversial new old
[–] [email protected] 16 points 3 months ago (2 children)

Is it just me or is tech increasingly breaking down?

[–] [email protected] 20 points 3 months ago (1 children)

The layoffs are finally paying off..

[–] [email protected] 1 points 3 months ago

I just took a peek at the status and outage history of $dayjob[-1]. Seems they've been having an order of mag more problems since they laid off everybody who knows how servers work.

Oh, well... ~~

[–] [email protected] 10 points 3 months ago (1 children)

It's not just you (as is with all these kinds of questions). It's an observable trend. As complexity rises, potential for errors rise.

[–] [email protected] 9 points 3 months ago (2 children)

I don't think it's complexity as such, but bad management and/or lack of care in general.

[–] [email protected] 2 points 3 months ago

Dollar dollar bills, ya'll.

[–] [email protected] 1 points 3 months ago

That too. But also proportional to growing complexity. More complex things to manage makes more room for mistakes in management. With maybe even the epitome being "ah fuck it"

[–] [email protected] 10 points 3 months ago

As much "doom and gloom" as the article pushes, I kinda feel that the compromised keys being well known makes detection easier. The malicious binary needs to be signed with one of these keys, this means that there will be very specific structures (e.g. the public key) at well known locations in the file. This is exactly the type of threat which anti-virus is good at detecting. Assuming a network's security folks aren't completely asleep at the switch, these attacks should get picked up and blocked pretty fast.

There is a reason attackers spend so much time and effort obfuscating code and keeping files off the disk. While A/V may be a pretty terrible security control and easily bypassed in many cases, watching for files with well known patterns is one of the few things A/V tends to do well.