Opinion on this, password changed, nothing suspicious in logs

To: Debian Security List <debian-security@lists.debian.org>
Subject: Opinion on this, password changed, nothing suspicious in logs
From: Marko Randjelovic <marko.mppa@gmail.com>
Date: Mon, 28 May 2012 15:49:40 +0200
Message-id: <[🔎] 4FC38274.4030609@gmail.com>

* I logged in my normal account on desktop PC last time successfuly saturday evening and turned off the computer 2 hours after midnight.
* At Sunday morning I went for a walk.
At 16 pm I turned on the computer but my password did not work.
* I checked the logs and found no trace of intrusion, but also no entry about password change.

I have Debian 6 desktop and firewall computers. I apply security pathes regulary, have active firewall and SELinux. The only problem I see could be the custom kernel 3.2 that is not completely patched.

I have logged in several times successfuly with that password, including immidiately after power on when there is no possibility of alternative keyboard layout and no need to touch caps lock.

For me it is obvious my account was compromised, but don't know if root privileges were acquired.

What do you think?

-- 
Marko Ranđelović, B.Sc.
Software Developer
Niš, Serbia
markoran@eunet.rs
marko.mppa@gmail.com
GnuPG Key: 11FF 0703 1C7A 8FB1 48C0  B63E 4D1C 0D3F 7281 F4B7

Reply to:

Follow-Ups:
- Re: Opinion on this, password changed, nothing suspicious in logs
  - From: Michael Stummvoll <michael@stummi.org>
- Re: Opinion on this, password changed, nothing suspicious in logs
  - From: Povl Ole Haarlev Olsen <debian-security@stderr.dk>

Prev by Date: Re: [SECURITY] [DSA 2480-1] request-tracker3.8 security update
Next by Date: Re: Opinion on this, password changed, nothing suspicious in logs
Previous by thread: Re: [SECURITY] [DSA 2480-1] request-tracker3.8 security update
Next by thread: Re: Opinion on this, password changed, nothing suspicious in logs
Index(es):
- Date
- Thread