zosurabalpin doesn’t seem to work on any other Gram-negative bacteria besides A. baumannii. The proteins in the LPS transporter complex are not conserved across different bacteria. Thus, targeting the LPS transporters of other nefarious Gram-negative bacteria will take yet more drug development research. One bright side of this, as Gugger and Hergenrother note in their commentary, is that it may produce species-specific antibiotics, which could protect patients’ microbiomes from being obliterated by broad-spectrum drugs, which we now appreciate is bad for human health.
And, of course, with any new antibiotic, there’s the inevitability that bacteria will develop resistance. The researchers already found that select mutations in the LPS transporter machinery can knock back the drug’s potency. Also, A. baumannii doesn’t need LPS to stay alive. That said, simply blocking LPS production would leave A. baumannii more vulnerable, and it’s unclear how that trade-off will play out in clinical settings.
No, not really. It’s only a matter of time before they are resistant to this one too, and I don’t know that we can help it even if distribution antibiotics carefully.
A war like Ukraine or a Genocide like Gaza tends to speed up bacterial resistance a lot, while breakthroughs are rare. I don’t see anything in this article that says it will be more difficult for bugs to become resistant to it. All bugs evolve constantly.
Name me one thing humans have been 100% reponsible with, from nuclear weapons to airplanes. Especially when it comes to antibiotics, people are going to take what they have available.
“develop a technological standard that might turn a user’s electronic device into the proof of age necessary to access restricted online content.”
Can we not? Can parents just take care of their kids like they have for thousands of years instead of futility trying to babyproof the internet for a minority of people? Jesus.
Can parents just take care of their kids like they have for thousands of years
Okay, so lets be certain that kids do not have a direct connection with every intelligence agency, mafia and terrorist organization in the world right in their pocket, just as they did not for thousands of years. Now, to be clear I really don’t like the approach they’ve chosen here (I think we need to go much deeper into the fundamental design of the Internet), but I would hope it’s not a controversial statement to assert that our society has taken a very sharp turn for the worse ever since the Internet became ubiquitous in children’s development, and I think that really ought to prompt discussion about how it’s being used.
Controversially, I think the Internet has made society better. We’re still in the growing years of the age of information, so plenty of challenges to overcome for sure, but it largely has made for a more informed society and really empowered the average person despite the resurgence of authoritarianism.
Basically PH and other xxx sites need you to verify your identity by uploading your ID. It’s what should be unconstitutional and a violation of privacy.
I believe the responsibility should be on the parents to keep their children from viewing porn before they’re 18. Not the government. I also believe there should be at least some control over what minors have access to. Will it ever be 100%? Nope. All we can do is the best we can do
The difference is that the people involved there are adults and there is no equivalent to the parent responsible for their behaviour so a technical solution makes more sense there.
or a real example that most newer cars have a “check rear seat for occupant” alert because some people forget their babies in the backseat and they die…
This is a world for everyone in it. We shouldn’t actively make it hostile to children, but we also shouldn’t be prioritizing forcing every aspect of it to fit their needs.
Our need to keep it alive isn’t just for children, it’s for everyone, which is also completely unrelated to censorship of sexual content
Especially since parenting is the only thing that’s going to actually work. Do you think kids won’t figure out a VPN? If they heard enough to type “pornhub”, they’ll hear about the one extra step.
And there are worse things on the Internet than porn. Some likely on Roblox.
You’re just going to have to parent your kid with or without this nanny state blocking scheme.
Since he doesn't mention it in his 'fantastic' reporting, OpenSSH 9.6 was released Monday that will patch this attack. Also, since he doesn't mention it, if on the Internet, the MITM would have to be installed at both end points (client side and server side) to be effective without the patch.
Since he doesn’t mention it in his ‘fantastic’ reporting, OpenSSH 9.6 was released Monday that will patch this attack.
I am tempted to delete this post just for the article’s stupid clickbait headline, but it still will probably cause some people to go update their OpenSSH installs, so… meh.
Anyone who actually wants to know details of the vulnerability should read the website about it which is obviously much better than this article.
Also, since he doesn’t mention it, if on the Internet, the MITM would have to be installed at both end points (client side and server side) to be effective without the patch.
Huh? No. The attacker doesn’t need to be in two places or even near either end per se, they could be located at any fully on-path position between the client and server.
So you need an MitM situation to even be able to perfom the attack, and the the attack on works on two ciphers? The article says those ciphers are commonly enabled, but are they default or used in relatively modern distributed versions of openssh?
A scan performed by the researchers found that 77 percent of SSH servers exposed to the Internet support at least one of the vulnerable encryption modes, while 57 percent of them list a vulnerable encryption mode as the preferred choice.
That means a client could negotiate one or the other on more than half of all internets exposed openssh daemons.
I haven’t got too whizzed up over this, yet, because I have no ssh daemons exposed without a VPN outer wrapper. However it does look nasty.
Just checked my own sshd configs and I don’t use CBC in them. I’ve based the kex/cipher/Mac configs off of cipherlist.eu and the mozilla docs current standards. Guess it pays to never use default configs for sshd if it’s ever exposed to the Internet.
Edit: I read it wrong. It’s chacha20 OR CBC. I rely heavily on the former with none of the latter.
Even the researcher who reported this doesn’t go as far as this headline.
“I am an admin, should I drop everything and fix this?”
Probably not.
The attack requires an active Man-in-the-Middle attacker that can intercept and modify the connection’s traffic at the TCP/IP layer. Additionally, we require the negotiation of either ChaCha20-Poly1305, or any CBC cipher in combination with Encrypt-then-MAC as the connection’s encryption mode.
[…]
“So how practical is the attack?”
The Terrapin attack requires an active Man-in-the-Middle attacker, that means some way for an attacker to intercept and modify the data sent from the client or server to the remote peer. This is difficult on the Internet, but can be a plausible attacker model on the local network.
It definitely receives more clicks. I’ve posted this link here a day ago, but arstechnicas title is more engaging. My first thought was whether there’s been another vulnerability found.
That said, this headline isn’t as bad as it could’ve been.
Yeah, if the attacker is in a position to do a MitM attack you have much larger problems than a ssh vulnerability that so far can at most downgrade the encryption of your connection in nearly all cases
arstechnica.com
Newest