
Re: Debian Investigation Report after Server Compromises



On Thu, 04 Dec 2003 12:40:42 +0800, csj wrote:

> On 3. December 2003 at 5:52PM -0800,
> Vineet Kumar <vineet@doorstop.net> wrote:
> 
>> * Monique Y. Herman (spam@bounceswoosh.org) [031203 16:59]:
>> > I have been wondering about the password-sniffing thing, too.
>> > If you send a password using ssh, isn't it encrypted?
>> > 
>> > I suppose some debian developer's kid sister could have
>> > installed a keystroke logger on the dev machine ... um ...
>> 
>> Almost there -- minus the assumption that one needs physical
>> access to a machine to install a keystroke logger.  At the risk
>> of perpetuating the telephone game, I recall reading that the
>> developer's machine had been rooted.  I didn't hear how, but I
>> don't really see how it matters.  I picture an always-on
>> machine in someone's home on a DSL or cable line.  
> 
> Now I'm curious: is it possible to get rooted while on dialup?
> I'm thinking of a user with access to a slow but dirt cheap
> dialup connection and so is online for significant stretches,
> say, eight hours.  This also assumes that no trojans or similar
> have been installed on the user's system.
> 
> [...]

I use dialup (no option out in the sticks of Central Florida, even my
modem has a little wooden handle you have to crank to get the operator to
connect you).

I have all services locked down to localhost; my only connections to
the outside world are mail, news via nntpcached, web via squid... I run
Apache but it too is locked down to localhost.  My mail is run through my
ISP's (earthlink's) virus and spam filters before I get it (otherwise I'd
be getting like 10 Svens per day). I do see, from time to time, Apache
refusing connection attempts, which are generally attacks by Windoze worms.

-- 
....................paul

"The number of UNIX installations has grown to 10, with more expected."
(The UNIX Programmer's Manual, 2nd Edition, June 1972)
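
Added example, not part of the original message: one way to check that services such as the Apache, squid and nntpcached setup described above really are bound only to loopback is to parse the listening-socket table and flag anything else. The sample lines are constructed in the format of `ss -H -tln` (numeric output assumed) and are not from the poster's machine; the function names are illustrative.

```python
import ipaddress

# Constructed sample in the format of `ss -H -tln`; not real output.
SAMPLE_SS = """\
LISTEN 0 128 127.0.0.1:3128 0.0.0.0:*
LISTEN 0 128 127.0.0.1:119 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 100 [::1]:25 [::]:*
LISTEN 0 128 *:22 *:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
"""

def split_local(field):
    """Split 'addr:port' into (host, port); handles [v6] brackets and %iface."""
    host, _, port = field.rpartition(":")
    host = host.strip("[]").split("%", 1)[0]
    return host, int(port)

def is_loopback(host):
    """True only for addresses in 127.0.0.0/8 or ::1."""
    if host == "*":  # wildcard: listening on every interface
        return False
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unparseable address: treat as exposed

def exposed_listeners(ss_output):
    """Return (host, port) for each listener not bound to loopback."""
    exposed = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue  # skips a header row or blank line
        host, port = split_local(cols[3])
        if not is_loopback(host):
            exposed.append((host, port))
    return exposed

if __name__ == "__main__":
    for host, port in exposed_listeners(SAMPLE_SS):
        print(f"reachable from the network: {host} port {port}")
```

On a live system the same function can be fed the output of `ss -H -tln` in place of the sample.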



