Re: more details on the recent compromise of debian.org machines
On Fri, 28 Nov 2003 10:08:45 +0100, Bernd Eckenfels
<lists@lina.inka.de> wrote:
>On Fri, Nov 28, 2003 at 01:04:00AM +0000, James Troup wrote:
>> On Wednesday 19th November (2003), at approximately 5pm GMT, a sniffed
>> password was used to access an (unprivileged) account on
>> klecker.debian.org.
>
>Can we have details on how that password was sniffed, or is this unknown?
Since the root kit used, suckit, includes a pty sniffer, I suspect
that the password was sniffed on a suckit-compromised third-party box
that one developer used.
Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mailadresse im Header
Karlsruhe, Germany | Beginning of Wisdom " | Fon: *49 721 966 32 15
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29
Reply to: