[vox] Re: Password NOT stolen at linuxworld
Ryan Castellucci
vox@lists.lugod.org
Sun, 17 Aug 2003 06:03:26 -0700
On Sun, Aug 17, 2003 at 05:01:30AM -0700, Ryan Castellucci wrote:
> On Mon, Aug 11, 2003 at 01:42:08PM -0700, Ryan Castellucci wrote:
> > OK, guys, here's the scoop... Somebody 0wned my system at
> > work, running debian testing. Installed this lovely password
> > logger, and snagged my password when I used SCPed a file.
> > I found a log file at /usr/lib/mem/mem
> >
> > Bastards....
>
> Well, looks like someone installed the same rootkit on cal.net's
> shell on or about april 24...
>
> There's a rather large /usr/lib/mem/mem file on there, and I may
> have ssh'd into zaphod from cal.net's shell server, and this
> jackass got in from there. I am very, very irritated.
Yup... I just looked at my .ssh/known_hosts
So this is largely cal.net's fault.
$#^^$#@*$(#@%^)#$
$DEITY, I hate script kiddies.