Re: more details on the recent compromise of debian.org machines

To: debian-devel@lists.debian.org
Subject: Re: more details on the recent compromise of debian.org machines
From: Marc Haber <mh+debian-devel@zugschlus.de>
Date: Fri, 28 Nov 2003 10:51:02 +0100
Message-id: <[🔎] E1APfHC-00079L-00@q.bofh.de>
In-reply-to: <[🔎] 20031128090845.GB2998@lina.inka.de>
References: <8765h5wbgf.fsf@shiri.gloaming.local> <[🔎] 20031128090845.GB2998@lina.inka.de>

On Fri, 28 Nov 2003 10:08:45 +0100, Bernd Eckenfels
<lists@lina.inka.de> wrote:
>On Fri, Nov 28, 2003 at 01:04:00AM +0000, James Troup wrote:
>> On Wednesday 19th November (2003), at approximately 5pm GMT, a sniffed
>> password was used to access an (unprivileged) account on
>> klecker.debian.org.
>
>Can we have details on how that password was sniffed, or is this unknown?

Since the root kit used, suckit, includes a pty sniffer, I suspect
that the password was sniffed on a suckit-compromised third-party box
that one developer used.

Greetings
Marc

-- 
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber          |   " Questions are the         | Mailadresse im Header
Karlsruhe, Germany  |     Beginning of Wisdom "     | Fon: *49 721 966 32 15
Nordisch by Nature  | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29

Reply to:

References:
- Re: more details on the recent compromise of debian.org machines
  - From: Bernd Eckenfels <lists@lina.inka.de>

Prev by Date: Re: exec-shield (maybe ITP kernel-patch-exec-shield)
Next by Date: Re: more details on the recent compromise of debian.org machines
Previous by thread: Re: more details on the recent compromise of debian.org machines
Next by thread: Re: more details on the recent compromise of debian.org machines
Index(es):
- Date
- Thread