Re: Debian Investigation Report after Server Compromises
On Wed, 03 Dec 2003 at 22:36 GMT, Alex Malinovich penned:
>
> --=-0wVW9GplMT9KFGFuBZNx Content-Type: text/plain
> Content-Transfer-Encoding: quoted-printable
>
> On Wed, 2003-12-03 at 11:33, Dr. MacQuigg wrote:
>> After reading the report at=20
>> http://lists.debian.org/debian-announce/debian-announce-2003/msg00003.htm=
> l
>> and following this newsgroup discussion, I have some very basic
>> questions=
>:
>>=20 1) What is a "sniffed password", and how do they know the
>>attacker used =
> a=20
>> password that was "sniffed", rather than just stolen out of
>> someone's=20 notebook?
>
> (NOTE: I am by no means an expert on any of this, so don't take this
> as a definitive answer on the subjects.)
>
> I'm not sure of the specifics of how the attacker obtained the
> passwords, but you can "sniff" a password both over a network
> connection as well as locally. For example, using a keystroke logger,
> you could get the password as a user was typing it in.
I have been wondering about the password-sniffing thing, too. If you
send a password using ssh, isn't it encrypted?
I suppose some debian developer's kid sister could have installed a
keystroke logger on the dev machine ... um ...
The "sniffing" part of this exploit has been left unexplained thus far.
Maybe that's because the mechanism is obvious to the initiated ... but
it's not obvious to me.
--
monique
Reply to: