From: Steve Clement
To: grarpamp
Cc: freebsd-security@freebsd.org
Date: Tue, 27 Feb 2018 18:48:41 +0100
Subject: Re: Fwd: [tor-relays] FreeBSD 11.1 ZFS Tor Image
Message-ID: <20180227174841.uk3aunj5srwkrj2c@localhost.lu>

> Just yesterday, I was notified of yet another FreeBSD box getting
> popped by an offensive security researcher.

Dear Shawn,

If there is a post-mortem analysis and details on that incident, it would be really interesting what the MO is of that/those attackers who massively own all the FreeBSDs.

There must be quite a few PoCs out there yet in-depth analysis (that are on recent versions of FreeBSD) might be interesting.

Depending on the various attack vectors, perhaps other mitigations can be discussed.

But honestly, I run fairly recent FreeBSD machines and they aren't popped, that I know of, on a regular basis.

Sincerely,

-- 
Steve Clement
https://www.twitter.com/SteveClement
mailto:steve@localhost.lu
.lu: +352 20 333 55 65