[vox] password stolen at linuxworld
Peter Jay Salzman
vox@lists.lugod.org
Sun, 10 Aug 2003 08:36:49 -0700
On Sun 10 Aug 03, 8:30 AM, Peter Jay Salzman <p@dirac.org> said:
> On Sun 10 Aug 03, 8:14 AM, Bill Kendrick <nbs@sonic.net> said:
> >On Sun, Aug 10, 2003 at 04:26:57AM -0700, Ryan Castellucci wrote:
> >>
> >> Someone at linux world seems to have gotten ahold of my ssh user password
> >> from when I used it at linuxworld.
> ><snip>
> >>
> >> I suspect that my password was either sholder surfed (unlikely, it'd be hard
> >> to memorize....) or someone was runnning man-in-the-middle attacks, and
> >> forced an SSHv1 session to prevent a warning, simply prompting for a new key.
> >
> > Ouch! Is this something any of the rest of us LWE volunteer folks need to
> > worry about? (I logged into my sonic account numerous times from LWE;
> > mostly from Melissa's laptop,
>
> then probably.
>
> > but also occasionally from other people's
> > laptops, I _think_... it's all such a blur)
>
> then DEFINITELY.
>
> ssh isn't a panacea for security. it's ONLY as secure as the system on
> which you use it. and you should trust it only as far as you trust the
> the system you're using it on.
>
> pete
ack. i didn't mean to be an alarmist. i didn't mean your DEFINITELY
hacked. i meant you definitely want to be on the lookout. debian has a
package that looks for common rootkits. also, pay attention to outside
connections, log files, do a search for "..." and "pfloyd", and look in
/dev. black hat hackers love to hide files in /dev.
pete
--
GPG Instructions: http://www.dirac.org/linux/gpg
GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D