l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2003 Aug 12 02:06

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox] password stolen at linuxworld
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox] password stolen at linuxworld

On Sun, Aug 10, 2003 at 04:26:57AM -0700, Ryan Castellucci wrote:
> I suspect that my password was either sholder surfed (unlikely, it'd be hard 
> to memorize....) or someone was runnning man-in-the-middle attacks, and 
> forced an SSHv1 session to prevent a warning, simply prompting for a new key.

How would this be a vulnerability? I know that SSHv1 had some security
flaws, but the only ones I remember reading about were pretty tough to
successfully exploit.

Were you using a computer you owned? If not, it seems that by far the
most likely explanation would be a planted keystroke-recorder on the
client. If you were, think about whether anyone had access to it. Was
there *anything* you would have transmitted in the clear? *Exactly*
how did you access the server?

My sympathies
vox mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
O'Reilly and Associates
For numerous book donations.