[vox] Password NOT stolen at linuxworld

Ryan Castellucci vox@lists.lugod.org
Mon, 11 Aug 2003 14:12:53 -0700


On Mon, Aug 11, 2003 at 01:56:43PM -0700, Michael Wenk wrote:
> On Monday 11 August 2003 01:42 pm, Ryan Castellucci wrote:
> > OK, guys, here's the scoop... Somebody 0wned my system at
> > work, running debian testing. Installed this lovely password
> > logger, and snagged my password when I SCPed a file.
> > I found a log file at /usr/lib/mem/mem
> >
> > Bastards....
> >
> > Anyone wanna help me do a post-mortem on the box to find out
> > how it was exploited?
> 
> 
> That could be interesting.  How thorough of a post are you planning?

As detailed as possible....

I would actually like some help, if anyone is interested.

The machine hasn't been cleaned yet, but as far as I can tell it was
0wned quite some time ago, and any logs on the breaking will have
been rotated into /dev/null