[vox-tech] lugod.org cracked?

Rick Moen rick at linuxmafia.com
Tue Feb 15 17:13:50 PST 2005


Quoting ME (dugan at passwall.com):

[much really good advice, snipped]

> Wietse Venema and Dan Farmer gave a nice presentation on this and how
> each choice excludes the other two.

To a degree, yes.  One might find it practical and quick to duplicate
all hard drive contents to other media, preserving chain of evidence and
maybe even leaving processes running on the compromised host.  Which is
of course a double-edged sword.  But you can then do the rebuild on
other hardware entirely -- if you have other hardware to work with, and
have reason to go that route.

> I came across this one and another article you had that provided links to
> a variety of integrity checking apps. Pretty good information there. I
> think we found one on your site too, and found that to be useful too.

(Thanks.)   You're probably referring to my old "Attacking Linux"
article, http://security.itworld.com/4352/LWD000829hacking/pfindex.html .

All of those pieces, plus my brief "system break-ins even without remote
vulnerabilities" piece, talking about how an unnamed company's network
was compromised because of stolen SSH credentials[1], can always be
found linked from my personal page, http://linuxmafia.com/~rick/ .

[1] That was when V[**COUGH] Systems was compromised because some idiot
sysadmin in the IT Dept.  SSHed out into a public Source[***COUGH***]
shell server then _and ssh/scp'ed back in_.  The latter blunder was
fatal to company security, because he exposed vital security tokens on
an exposed public machine that happened to have been rooted a short
while before, because a user's tokens for access to _that_ machine
happened to have been compromised on a university box.

(No, said idiot sysadmin wasn't me, in case you're wondering.  ;->  )
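A minimal chain-of-evidence imaging routine of the kind the paragraph about duplicating all hard drive contents to other media alludes to, added here as an illustration; it is not code from the thread, and the source/destination paths, log format and hash choice (sha256) are assumptions.

```shell
#!/bin/sh
# Added example (not from the list post): copy a device or file with dd,
# hash both source and image, and append the hashes, operator and UTC time
# to a custody log so the copy can later be shown unchanged.
set -eu

# image_and_log SOURCE DEST LOG
# Returns 0 only when the image hash equals the source hash.
image_and_log() {
    src=$1; dst=$2; log=$3
    # Plain dd keeps the byte count exact so the two hashes can match.
    # On a physically failing disk one would add conv=noerror,sync, but that
    # zero-pads unreadable blocks and the source/image hashes then differ.
    dd if="$src" of="$dst" bs=4096 status=none
    src_hash=$(sha256sum "$src" | cut -d' ' -f1)
    dst_hash=$(sha256sum "$dst" | cut -d' ' -f1)
    {
        printf 'date=%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)"
        printf 'operator=%s\n' "${USER:-unknown}"
        printf 'source=%s sha256=%s\n' "$src" "$src_hash"
        printf 'image=%s sha256=%s\n' "$dst" "$dst_hash"
    } >> "$log"
    [ "$src_hash" = "$dst_hash" ]
}

# verify_image DEST LOG
# Recomputes the image hash and compares it with the last hash recorded
# for DEST in LOG; fails if no record exists or the image has changed.
verify_image() {
    dst=$1; log=$2
    recorded=$(grep -F "image=$dst sha256=" "$log" | tail -n 1 | sed 's/.*sha256=//')
    current=$(sha256sum "$dst" | cut -d' ' -f1)
    [ -n "$recorded" ] && [ "$recorded" = "$current" ]
}
```

Run it as `image_and_log /dev/sdX /mnt/evidence/sdX.img /mnt/evidence/custody.log` from a trusted system, and `verify_image` later to check the image before analysis.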
