Google Chrome zeroday at wild.
https://www.bleepingcomputer.com/new...ed-in-attacks/
update if you can :) or use other browser for a while. |
Is this really news when Chrome's average is more than one a month?
Or perhaps the news is simply that there was a whole two months since the last such vulnerability was discovered in Chrome? |
nah, it isnt "news" i think, but someone could benefit of this post.
|
It reminded me to sudo apt update and sudo apt dist-upgrade before firing up any gear lately.
Thanks. |
It also reinforces the importance of the so-called "Principle of Least Privilege."
Which is to say that – and this is true of every operating system – "the account that you use every day" must not be "an Administrator." (In Linux, this means: "a member of the wheel group.") Windows ... MacOS (OS/X) ... mainframe ... doesn't matter. If anyone or anything that is operating under your credentials "runs into a nearby phone booth," it should not be capable of flying out of it wearing ugly blue tights. It should be operating in a "home directory" that isn't accessible to other users of the same system, and it shouldn't be able to snoop into anyone else's home – let alone have write access to it. It cannot issue the sudo su command, because it is not required to. Do not give yourself any more access to your system than you require when exercising the tasks which you have associated with that particular login account. (After all, you can have as many accounts as you please.) Don't allow anyone else access to "your stuff" except to the extent that a specific other user-id requires it. By voluntarily limiting "your" access to "your" system based on need to know or do, you immediately make your system far more secure ... and it really isn't that "inconvenient" once you get used to it. "Be Jimmy Olsen, not Clark Kent." Beyond that – find a good continuous backup system, and use it 100% of the time. |
Quote:
I'm a member of the wheel group but can't invoke root commands from my usr account: Code:
jitte@unmei:~ $ groups |
The question is whether you can enter the command: sudo su, then enter your own password, and wind up with a "#" prompt . . .
There should be only one user-id on any system, IMHO, which is capable of doing that. As I've said here before, "your computer is just too damned stupid to know when it should say 'yes!'" But it's extremely good at saying 'no!' Leverage that idea to your full advantage, and also be sure that your "all-powerful user" is named (say ...) freddie. It really isn't "inconvenient" after all ... |
You were right all along and I was wrong from the start.
Hear that often? Hmmm? My Gehirndose full of toxins, shutdown progressing, Dave Quote:
On FreeBSD I always su to root in a terminal, work as root from that terminal and log out to my usr account when done. I've never installed sudo or doas and am very comfortable working as root, but do not log in as root or run as r00t after my work s done. Kali has sudo and I don't use the root account on it. Quote:
|
Depending on how critical the system is, it may be useful to also setup MFA - even for sudo.
|
It has certainly not escaped my attention that "other Unix®/Linux based systems that I regularly frequent," namely MacOS/OSX, no longer permit even "the root user" unfettered privileges.
Instead, just like "UEFI," they now require a first-action that is physical, therefore distinctly human. Without this, even "the root user" is now "fettered." And, "I agree with this." |
All times are GMT -5. The time now is 02:56 PM. |