[ale] Holy Guacamole
DJ-Pfulio
DJPfulio at jdpfu.com
Thu Jul 2 20:14:42 EDT 2020
Researchers find Apache remote desktop software was silently pwnable for snooping on sessions
https://www.theregister.com/2020/07/02/apache_guacamole_vulns_hijackable_rdp/
Folks who know me know that I'm a huge believer in requiring VPN access to the network for any internal-only servers. If people cannot connect to the VPN, then they cannot attack the remote desktop system.
Pulled email client access off the internet years ago as well. No VPN, no email access. Did that after seeing thousands of attempts to authenticate to our IMAP server from thousands of different IPs around the world.