On Fri, 25 Aug 2023 at 10:31, Richard Hughes <hughsient(a)gmail.com> wrote:
On Fri, 25 Aug 2023 at 13:19, Stephen Smoogen
> My understanding was that Microsoft found their own 'share updates' not
working as much as expected
Hmm, I heard the opposite; can you give any more info? They have way
No, I only have some chatter from sysadmins at enterprise sites who had to
deal with audits, failed updates, and being told to turn it off to fix
them. So let's just assume I am talking to too many cranky old sysadmins
and I believed their fish stories too much.
more telemetry than we do, and I was told it would not "be
to continue WU without the peer-to-peer functionality built into
windows. According to them they even have some kind of IPv6 tunnel
thing going on which seems alarming if true.
either by network scans
As in "port 27500 exists you have a security problem" kind of scans?
It depends on the scanning from ports open to unknown shared files to 'why
did our network costs go up so much?'
> or just the fact that as soon as someone puts up a service like
it is profitable for the crooks to abuse it.
Probably my naivety, but what kind of things did you have in mind?
The following are just things I have seen from blackhat/defcon over the
years and criminal gang stories. I don't expect (m)any of them may be
related to passim, but most of the time the problems are with a
protocol/service which says "Here we've assuming your local network (aka
LAN) is a nice and friendly place, without evil people trying to overwhelm
your system or feed you fake files." So when I read that these days, I get
Going from other things it has been a way to inject bad packages, bad
metadata, mass system slowdowns across a fleet, using the service on N
systems as a DDOS against third parties (which they then charge fees for),
The bad packages are more of a problem because of stolen keys being used to
sign something. The 'onion' layers of protection that might have been in
place is that you get updates on that from a subset of 'secure' places.
Instead now, this could be any system which presents the signed data on a
distributed service which says its legitimate. [And depending on the P2P,
it can be that like cockroaches the bad data will keep popping up and
spreading so you need to make sure you have somewhere else a blacklist to
remove things.. though you need to make sure that blacklist can't be
Mass slowdowns are where you find that the sharing does some sort of scan
which can somehow be overloaded in some sort of CPU or disk usage loop
(this is usually a chained flaw in say a compression routine which 'should
never happen with legitimate data'.)
DDOS are where the metadata being shared points everyone to download
something from some place which isn't expecting it. [Or some packet lookup
that the P2P service expects]
devel mailing list -- devel(a)lists.fedoraproject.org
To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
Do not reply to spam, report it:
Stephen Smoogen, Red Hat Automotive
Let us be kind to one another, for most of us are fighting a hard battle.
-- Ian MacClaren