[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian Investigation Report after Server Compromises

On Wed, 03 Dec 2003 at 23:05 GMT, Monique Y. Herman penned:
> I have been wondering about the password-sniffing thing, too.  If you
> send a password using ssh, isn't it encrypted?
> I suppose some debian developer's kid sister could have installed a
> keystroke logger on the dev machine ... um ...
> The "sniffing" part of this exploit has been left unexplained thus
> far.  Maybe that's because the mechanism is obvious to the initiated
> ... but it's not obvious to me.

After reading a few more responses, I realize that of course a debian
developer's machine could get compromised.  I guess I just thought they
were infallible *grin*

Now, the real question is, what exploit was used to get onto that dev's
machine in the first place?


Reply to: