Naked Security

“Orpheus’ Lyre” – where it came from, and what to do [VIDEO]

From how the "Orpheus' Lyre" bug got its weird name all the way to what we can learn from it. No jargon, just plain English. Enjoy...

Here’s our latest Facebook Live video – a fun but informative way to keep on top of the latest security issues.

This week, a security hole called Orpheus’ Lyre made the news – it affects Windows, Linux and more.

From how this bug got its weird name all the way to the lessons that today’s programmers can learn from it – Paul Ducklin talks you through the problem and how to fix it, no jargon, just plain English.


(Can’t see the video directly above this line? Watch on Facebook instead.)


Thank you for spreading the word to patch. As we described on our website we are not provided all of the attack details yet because there are still widely distributed products containing Kerberos implementations for which no patches are available. Heimdal, MIT and Windows are not the only independently developed implementations.

We will not say more about the attack until more vendors have an opportunity to patch.

The video does contain one important mistake that must be corrected. Apple macOS (aka OSX) switched Kerberos implementations from MIT to Heimdal in 2008.


I made a mistake there because I have both Heimdal and MIT versions thanks to using MacPorts, which has its own Kerberos 5. When I ran klist to check the version number, I didn’t check whether I had run the one from MacPorts or the native one from /usr/bin.

I’ll add a comment to the video, thanks.

PS. That audio autoplay on your website really hurts :-)

