About those “widely publicized instructions” in AI responses and consider the use of AWS ACM instead

I’ve shown how to use xrdp on Ubuntu in prior posts. I mentioned the “snakeoil” certificate in prior posts. Let’s look into this a bit more.
When you set up xrdp, it potentially uses the snakeoil certificate to encrypt traffic. By default, you’ll get an error in the logs saying that it doesn’t have permission to view that certificate. If you ask Google’s AI mode (currently), it tells you to add the xrdp service to the group that is allowed to view — all certificates.
I asked Google’s AI mode repeatedly — should I really give access to all certificates on the host? Yes, you should! (with an exclamation mark even). Also, yes, it’s widely documented…
To which I reply, garbage in…garbage out.
I disagree with that widely documented instruction just as I disagreed with leaving all outbound firewall rules open back in the day.
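
To see what that group membership actually exposes on a given host, the script below (an added example, not code from the original post) lists every key file a group can read and the accounts already in that group. The defaults `/etc/ssl/private` and `ssl-cert` are assumptions based on the stock Ubuntu layout; the post itself does not name them.

```shell
#!/bin/sh
# Added example: measure what membership in a key-reading group exposes.
# Assumed defaults (stock Ubuntu layout, not named in the post):
#   key directory /etc/ssl/private, group ssl-cert.

# keys_readable_by_group DIR GROUP
# Print every regular file under DIR owned by GROUP with the group-read bit set.
keys_readable_by_group() {
    find "$1" -type f -group "$2" -perm -040 2>/dev/null | sort
}

# exposure_count DIR GROUP
# Print how many key files any member of GROUP could read.
exposure_count() {
    keys_readable_by_group "$1" "$2" | wc -l | tr -d ' '
}

# group_members GROUP [GROUPFILE]
# Print supplementary members of GROUP, one per line. Accounts that have
# GROUP as their primary group are recorded in passwd, not here.
group_members() {
    awk -F: -v g="$1" '$1 == g {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' "${2:-/etc/group}"
}

# report [DIR] [GROUP]
# Human-readable summary. Run as root so find can list the key directory.
report() {
    dir=${1:-/etc/ssl/private}
    grp=${2:-ssl-cert}
    echo "Accounts in $grp: $(group_members "$grp" | tr '\n' ' ')"
    echo "Key files under $dir readable by $grp: $(exposure_count "$dir" "$grp")"
    keys_readable_by_group "$dir" "$grp" | sed 's/^/  /'
}

# Only produce output when asked, so the functions can also be sourced.
case "${1:-}" in
    --report) shift; report "$@" ;;
esac
```

Every file in the report is readable by every account listed, so the count is the number of private keys the xrdp service account would gain by joining the group.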