[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Opinion on this, password changed, nothing suspicious in logs

Except if there was a means of WOL the untruder was aware of.

Viele Grüße,
Patrick Geschke

Sent from the road.

Am 29.05.2012 um 13:08 schrieb Michael Stummvoll <michael@stummi.org>:

> Am Mon, 28 May 2012 15:49:40 +0200
> schrieb Marko Randjelovic <marko.mppa@gmail.com>:
>> * I logged in my normal account on desktop PC last time successfuly
>> saturday evening and turned off the computer 2 hours after midnight.
>> * At Sunday morning I went for a walk.
>> At 16 pm I turned on the computer but my password did not work.
>> * I checked the logs and found no trace of intrusion, but also no
>> entry about password change.
>> I have Debian 6 desktop and firewall computers. I apply security
>> pathes regulary, have active firewall and SELinux. The only problem I
>> see could be the custom kernel 3.2 that is not completely patched.
>> I have logged in several times successfuly with that password,
>> including immidiately after power on when there is no possibility of
>> alternative keyboard layout and no need to touch caps lock.
>> For me it is obvious my account was compromised, but don't know if
>> root privileges were acquired.
>> What do you think?
> if your computer was turned off in the meanwhile it couldn't get
> compromised - except somebody with hardware-access turned it on. I
> don't know how possible this is in your case. But if somebody is smart
> enough to get hw-access to your computer and boot it with a live-system
> he wouldn't be such a fool to betray his compromision by changing a
> password. so I think its an software or configuration problem, or
> something on layer 8 ;)
> to change a password with user-rights you need the password of this
> user, even he is logged in already
> kind regards, 
> Michael
> -- 
> To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: [🔎] 20120529130716.06bd8879@eddie">http://lists.debian.org/[🔎] 20120529130716.06bd8879@eddie

Reply to: