l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2003 Aug 10 08:54

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox] password stolen at linuxworld
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox] password stolen at linuxworld

On Sun 10 Aug 03,  8:30 AM, Peter Jay Salzman <p@dirac.org> said:
> On Sun 10 Aug 03,  8:14 AM, Bill Kendrick <nbs@sonic.net> said:
> >On Sun, Aug 10, 2003 at 04:26:57AM -0700, Ryan Castellucci wrote:
> >> 
> >> Someone at linux world seems to have gotten ahold of my ssh user password 
> >> from when I used it at linuxworld.
> ><snip>
> >> 
> >> I suspect that my password was either sholder surfed (unlikely, it'd be hard 
> >> to memorize....) or someone was runnning man-in-the-middle attacks, and 
> >> forced an SSHv1 session to prevent a warning, simply prompting for a new key.
> > 
> > Ouch!  Is this something any of the rest of us LWE volunteer folks need to
> > worry about?  (I logged into my sonic account numerous times from LWE;
> > mostly from Melissa's laptop,
> then probably.
> > but also occasionally from other people's
> > laptops, I _think_...  it's all such a blur)
> ssh isn't a panacea for security.  it's ONLY as secure as the system on
> which you use it.  and you should trust it only as far as you trust the
> the system you're using it on.
> pete

ack.  i didn't mean to be an alarmist.  i didn't mean your DEFINITELY
hacked.  i meant you definitely want to be on the lookout.  debian has a
package that looks for common rootkits.  also, pay attention to outside
connections, log files, do a search for "..." and "pfloyd", and look in
/dev.  black hat hackers love to hide files in /dev.


GPG Instructions: http://www.dirac.org/linux/gpg
GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D
vox mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
EDGE Tech Corp.
For donating some give-aways for our meetings.