| author | EuAndreh <eu@euandre.org> | 2020-11-29 00:31:49 -0300 |
|---|---|---|
| committer | EuAndreh <eu@euandre.org> | 2020-11-29 00:32:08 -0300 |
| commit | d764c48e34c55c930e3b2204e821d0aa260d01d1 (patch) | |
| tree | b04c244c29dce6cc19e9767332fbc31eedc03753 /TODOs.org | |
| parent | vps.scm: Add ci.$tld subdomain (diff) | |
| download | toph-d764c48e34c55c930e3b2204e821d0aa260d01d1.tar.gz toph-d764c48e34c55c930e3b2204e821d0aa260d01d1.tar.xz | |
TODOs.org: Resurrect decision on public SSH key leakage and add anchors
Diffstat (limited to 'TODOs.org')
| -rw-r--r-- | TODOs.org | 33 |
1 files changed, 32 insertions, 1 deletions
@@ -1,4 +1,7 @@ * Tasks +:PROPERTIES: +:CUSTOM_ID: tasks +:END: ** TODO External volume #+BEGIN_SRC hcl variable "storage_name" { @@ -36,6 +39,10 @@ re-creating everything from scratch. - http://rkhunter.sourceforge.net/ ** TODO Security review https://cheatsheetseries.owasp.org/Glossary.html +* Bugs +:PROPERTIES: +:CUSTOM_ID: bugs +:END: * Services ** TODO =git.$tld=: cgit ** TODO =$project.$tld=: static documentation for projects @@ -44,8 +51,32 @@ https://cheatsheetseries.owasp.org/Glossary.html ** TODO =chat.$tld=: Matrix/XMPP ** TODO =meet.$tld=: Jitsi/Nextcloud Talk ** TODO =$tld=: Jekyll blog +* Improvements * Decisions -** Matrix over XMPP +:PROPERTIES: +:CUSTOM_ID: decisions +:END: +** DONE On public SSH key leakage +:PROPERTIES: +:CUSTOM_ID: d38019ac-a2ad-484d-91e5-f4bdb1fa00ca +:END: +CLOSED: [2020-11-29 dim. 00:27] +- State "DONE" from [2020-09-06 dim. 00:00] + +As described in "[[https://rushter.com/blog/public-ssh-keys/][Public SSH keys can leak your private infrastructure]]", public +SSH keys can expose undesired infrastructure, specially for targeted attacks. + +I'm not considering this a threat, since the link between the server and me is +already public. It may be much more effective to just change the SSH port away +from the default: it doesn't accomplish the same thing, but it prevents simple +detections. It is still possible to find this out via a script, but is orders of +magnitute harder for the attacker. +** DONE Matrix over XMPP +:PROPERTIES: +:CUSTOM_ID: de89fc4e-5c36-4f6b-9227-221b70e9f321 +:END: +CLOSED: [2020-11-29 dim. 00:29] +- State "DONE" from [2020-11-29 dim. 00:29] I'm picking Matrix. Not because of the protocol or anything else, but because it has the two relevant double-puppeting bridges: mautrix-telegram and mautrix-whatsapp. |
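Review bot: the new `* Bugs` heading in the second hunk (`@@ -36,6 +39,10 @@`) is an empty section that the commit subject does not cover, since the subject mentions only the SSH key decision and the anchors. Either mention the new section in the commit message or move it to its own commit, so that the history of TODOs.org shows when the section was introduced.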
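Review bot: in the third hunk (`@@ -44,8 +51,32 @@`), the "On public SSH key leakage" entry blurs risk acceptance with mitigation. It first says the leak is not considered a threat because the link between the server and the author is already public, then presents moving the SSH port as "much more effective" while conceding that "it doesn't accomplish the same thing". A port change only reduces hits from default-port scans and leaves the key-to-owner correlation untouched, so the entry would read more accurately if it recorded the decision as "risk accepted" and listed the port change as a separate, optional hardening step. In both DONE entries the `:PROPERTIES:` drawer precedes the `CLOSED:` line; Org expects the planning line directly under the headline with the drawer after it, so as written `CLOSED:` is not parsed as planning information. Smaller points: `* Improvements` gets no `CUSTOM_ID` although the other top-level headings touched here do, and "specially" and "magnitute" should be "especially" and "magnitude".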
