Re: Debian Investigation Report after Server Compromises
After reading the report at
http://lists.debian.org/debian-announce/debian-announce-2003/msg00003.html
and following this newsgroup discussion, I have some very basic questions:
1) What is a "sniffed password", and how do they know the attacker used a
password that was "sniffed", rather than just stolen out of someone's
notebook?
2) Was the break-in done remotely, or by someone with physical access to
the machine or network? I thought that "sniffing" required physical access
to a network over which unencrypted data was being transferred. Are the
remote logins to Debian servers unencrypted?
3) How does an attacker with a user-level password gain root access? I
understand you can call system services that have root access, and provide
bad data in those calls that will cause buffer overflows, maybe even a
machine crash, but how does a buffer overflow allow root access? I know
there is a deep technical explanation for this, but I'm hoping someone can
explain it in simple terms, or maybe point me to a good article or book
chapter.
-- Dave
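As an added illustration of question 3 (this is not part of Dave's post or of the Debian report, and it is not Debian code), the mechanism behind "a buffer overflow gives root" is that a privileged program (a setuid binary, or a daemon already running as root) copies untrusted input into a fixed-size buffer without checking the length, so the bytes past the end land on whatever the compiler placed next, and on a real stack that includes the saved return address that decides where execution continues once the function finishes. The C program below uses a constructed struct as a stand-in for such a stack frame, so the overwrite is deterministic and stays inside the object instead of relying on undefined behaviour; it shows the unchecked copy clobbering the control data, next to the bounds-checked replacement that is the fix. The struct layout, the marker value and the input are all constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <stddef.h>

/* Constructed stand-in for one stack frame of a privileged program: a
 * fixed-size input buffer lies directly before control data (here a fake
 * "saved return address"). This is the layout that turns an unchecked
 * copy into control over where the program continues executing. */
struct frame {
    char     buf[16];       /* fixed-size buffer for the caller's input   */
    uint64_t saved_return;  /* stand-in for the real saved return address */
};

/* Constructed marker meaning "return where the program intended". */
#define SAVED_RETURN_OK 0x4000ULL

/* Vulnerable form: copies len bytes of input without checking that it fits
 * in buf. Input longer than 16 bytes runs on into saved_return. The copy
 * goes through a byte pointer to the whole struct and is clamped to its
 * size, so the demonstration stays deterministic and within the object; a
 * real strcpy() into a stack buffer has no such clamp and keeps writing.
 * Returns the value saved_return holds afterwards. */
uint64_t copy_unchecked(struct frame *f, const char *input, size_t len)
{
    unsigned char *base = (unsigned char *)f + offsetof(struct frame, buf);
    if (len > sizeof *f)            /* keep the demo inside the struct only */
        len = sizeof *f;
    memcpy(base, input, len);
    return f->saved_return;
}

/* Hardened form: reject any input that does not fit in buf together with
 * its terminating NUL. Returns 0 on success, -1 if rejected; nothing is
 * written on rejection. */
int copy_checked(struct frame *f, const char *input, size_t len)
{
    if (len >= sizeof f->buf)
        return -1;
    memcpy(f->buf, input, len);
    f->buf[len] = '\0';
    return 0;
}

/* Constructed 24-byte input: 16 'A's fill buf exactly, the 8 'B's that
 * follow land on saved_return. */
static const char OVERLONG_INPUT[] = "AAAAAAAAAAAAAAAABBBBBBBB";

static void reset(struct frame *f)
{
    memset(f, 0, sizeof *f);
    f->saved_return = SAVED_RETURN_OK;
}

/* Feed the overlong input to the unchecked copy and report what the
 * control data holds afterwards (0x4242... = eight 'B' bytes). */
uint64_t run_unchecked_demo(void)
{
    struct frame f;
    reset(&f);
    return copy_unchecked(&f, OVERLONG_INPUT, sizeof OVERLONG_INPUT - 1);
}

/* Feed the same input to the checked copy: returns 1 if it was rejected
 * and the control data is untouched, 0 otherwise. */
int run_checked_demo(void)
{
    struct frame f;
    reset(&f);
    int rc = copy_checked(&f, OVERLONG_INPUT, sizeof OVERLONG_INPUT - 1);
    return rc == -1 && f.saved_return == SAVED_RETURN_OK;
}

/* Sanity check that the checked copy still accepts input that fits:
 * returns 1 if "dave" was stored and the control data is untouched. */
int run_checked_short_demo(void)
{
    struct frame f;
    reset(&f);
    int rc = copy_checked(&f, "dave", 4);
    return rc == 0 && strcmp(f.buf, "dave") == 0
        && f.saved_return == SAVED_RETURN_OK;
}

int main(void)
{
    printf("unchecked copy: saved_return = 0x%llx (was 0x%llx)\n",
           (unsigned long long)run_unchecked_demo(),
           (unsigned long long)SAVED_RETURN_OK);
    printf("checked copy rejects overlong input: %s\n",
           run_checked_demo() ? "yes" : "no");
    printf("checked copy accepts \"dave\": %s\n",
           run_checked_short_demo() ? "yes" : "no");
    return 0;
}
```

The point for a defender is in the two copy functions: the only difference is a length check before the write, and without it the input decides what the control data holds. In a program that runs with root privileges, whatever the program is steered into doing next is also done as root, which is why a user-level account plus one such bug in a privileged service is enough to escalate; running services with the least privilege they need and using bounds-checked copies address the two halves of that chain.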