acpizer@mach.unseen.org
Tue, 3 Nov 1998 08:39:07 +0000 (GMT)
I've heard the following scenario:
There is 1 user account on the rootshell box, the same user had an
account on another machine, somewhere, he was using the same password on
both, the attacker found the user's password on machine A and went to try
it on machine B.
bye.
-------------------------------------------------------------------------------
"Probably you've only really grown up, when you can bear not being understood."
Marian Gold /Alphaville
On Tue, 3 Nov 1998, Anonymous wrote:
>
> Tatu Ylonen wrote:
> > We are also trying to track down the Linux compilation problem that
> > may have caused the false alert behind the IBM advisory. We will
> > issue an announcement as soon as possible if a real vulnerability is
> > found.
>
> A second possibility, which I obviously can't judge as likely or unlikely
> in this case, is that some binary has been intentionally compromised --
> adversary gets access for a short time -> bad binaries...time
> passes...buffer overflow exploited -> recompilation -> good binaries ->
> world-famous disappearing exploit. If the binaries were downloaded, then
> we have an entirely different issue to consider (binaries changed at a
> source or, less likely, an actual MITM attack).
>
> If you think it's worth checking, just compare hashes of those binaries
> (or, if you're ultra-paranoid, actual binaries) which should be identical.
>
> > Tatu Ylonen <ylo@ssh.fi>
>
> (I won't be able to read replies on ssh)
>
>
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:17:17
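
The hash comparison suggested in the quoted message, as an added example that is not part of the original thread: it checks every file in a known-good tree against the installed tree by SHA-256, with an optional byte-for-byte pass for the "ultra-paranoid" case. The function names, directory names and file contents in `demo()` are constructed for illustration.

```python
import filecmp
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large binaries are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def compare_trees(reference, suspect, paranoid=False):
    """Compare each file under `reference` with its counterpart in `suspect`.

    Returns relative paths grouped as mismatch / missing / extra.
    paranoid=True also compares the bytes themselves, not only the hashes.
    """
    reference, suspect = Path(reference), Path(suspect)
    ref = {p.relative_to(reference).as_posix() for p in reference.rglob("*") if p.is_file()}
    sus = {p.relative_to(suspect).as_posix() for p in suspect.rglob("*") if p.is_file()}
    report = {"mismatch": [], "missing": sorted(ref - sus), "extra": sorted(sus - ref)}
    for rel in sorted(ref & sus):
        a, b = reference / rel, suspect / rel
        same = sha256_file(a) == sha256_file(b)
        if same and paranoid:
            same = filecmp.cmp(a, b, shallow=False)
        if not same:
            report["mismatch"].append(rel)
    return report


def demo():
    """Constructed sample: two small trees standing in for a clean build and an install."""
    with tempfile.TemporaryDirectory() as tmp:
        good, live = Path(tmp, "reference"), Path(tmp, "installed")
        for root in (good, live):
            (root / "bin").mkdir(parents=True)
        (good / "bin" / "sshd").write_bytes(b"\x7fELF-constructed-sshd")
        (live / "bin" / "sshd").write_bytes(b"\x7fELF-constructed-sshd+changed")
        (good / "bin" / "ssh").write_bytes(b"\x7fELF-constructed-ssh")
        (live / "bin" / "ssh").write_bytes(b"\x7fELF-constructed-ssh")
        (live / "bin" / "helper").write_bytes(b"not in the reference build")
        return compare_trees(good, live, paranoid=True)


if __name__ == "__main__":
    print(demo())
```

Run the comparison from a system you trust, with the reference tree taken from a clean build or read-only media, since a compromised host can misreport its own files.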