[vox] Re: Password NOT stolen at linuxworld

Lynne Castellucci vox@lists.lugod.org
Sun, 17 Aug 2003 05:23:27 -0700


On Sun, Aug 17, 2003 at 05:01:30AM -0700, Ryan Castellucci wrote:
> On Mon, Aug 11, 2003 at 01:42:08PM -0700, Ryan Castellucci wrote:
> > OK, guys, here's the scoop... Somebody 0wned my system at
> > work, running debian testing. Installed this lovely password
> > logger, and snagged my password when I used SCPed a file.
> > I found a log file at /usr/lib/mem/mem
> > 
> > Bastards....
> 
> Well, looks like someone installed the same rootkit on cal.net's
> shell on or about april 24...
> 
> There's a rather large /usr/lib/mem/mem file on there, and I may
> have ssh'd into zaphod from cal.net's shell server, and this
> jackass got in from there. I am very, very irritated.

Yup... I just looked at my .ssh/known_hosts

So this is largely cal.net's fault.

$#^^$#@*$(#@%^)#$

$DEITY, I hate script kiddies.