Re: Debian Investigation Report after Server Compromises
On Thu, 04 Dec 2003 12:40:42 +0800, csj wrote:
> On 3. December 2003 at 5:52PM -0800,
> Vineet Kumar <firstname.lastname@example.org> wrote:
>> * Monique Y. Herman (email@example.com) [031203 16:59]:
>> > I have been wondering about the password-sniffing thing, too.
>> > If you send a password using ssh, isn't it encrypted?
>> > I suppose some debian developer's kid sister could have
>> > installed a keystroke logger on the dev machine ... um ...
>> Almost there -- minus the assumption that one needs physical
>> access to a machine to install a keystroke logger. At the risk
>> of perpetuating the telephone game, I recall reading that the
>> developer's machine had been rooted. I didn't hear how, but I
>> don't really see how it matters. I picture an always-on
>> machine in someone's home on a DSL or cable line.
> Now I'm curious: is it possible to get rooted while on dialup?
> I'm thinking of a user with access to a slow but dirt cheap
> dialup connection and so is online for significant stretches,
> say, eight hours. This also assumes that no trojans or similar
> have been installed on the user's system.
I use dialup (no option out in the sticks of Central Florida, even my
modem has a little wooden handle you have to crank to get the operator to
I have all services locked down to localhost; my only connections to
the outside world are mail, news via nntpcached, web via squid... I run
Apache but it too is locked down to localhost. My mail is run through my
ISP's (earthlink's) virus and spam filters before I get it (otherwise I'd
be getting like 10 Svens per day). I do see, from time to time, Apache
refusing connections attempts which are generally attacks by Windoze worms.
"The number of UNIX installations has grown to 10, with more expected."
(The UNIX Programmer's Manual, 2nd Edition, June 1972)