Re: [vox] password stolen at linuxworld

To: vox@lists.lugod.MAPSorg
Subject: Re: [vox] password stolen at linuxworld
From: "Micah J. Cowan" <MAPSmicah@cowan.name>
Date: Sun, 10 Aug 2003 18:05:01 -0700
Delivered-to: lugod@livepenguin.com
Delivered-to: vox@livepenguin.com
In-reply-to: <20030810112727.F2BD01450B7@windy.turboslow.net>; from ryan+lugod@cal.net on Sun, Aug 10, 2003 at 04:26:57AM -0700
List-archive: <http://lists.lugod.org/pipermail/vox/>
List-help: <mailto:vox-request@lists.lugod.org?subject=help>
List-id: lugod's free for all mailing list <vox.lists.lugod.org>
List-post: <mailto:vox@lists.lugod.org>
List-subscribe: <http://lists.lugod.org/mailman/listinfo/vox>,<mailto:vox-request@lists.lugod.org?subject=subscribe>
List-unsubscribe: <http://lists.lugod.org/mailman/listinfo/vox>,<mailto:vox-request@lists.lugod.org?subject=unsubscribe>
References: <20030810112727.F2BD01450B7@windy.turboslow.net>
Reply-to: vox@lMAPSists.lugod.org
Sender: vox-admin@lists.lugod.MAPSorg
User-agent: Mutt/1.2.5.1i

On Sun, Aug 10, 2003 at 04:26:57AM -0700, Ryan Castellucci wrote:
> I suspect that my password was either sholder surfed (unlikely, it'd be hard 
> to memorize....) or someone was runnning man-in-the-middle attacks, and 
> forced an SSHv1 session to prevent a warning, simply prompting for a new key.

How would this be a vulnerability? I know that SSHv1 had some security
flaws, but the only ones I remember reading about were pretty tough to
successfully exploit.

Were you using a computer you owned? If not, it seems that by far the
most likely explanation would be a planted keystroke-recorder on the
client. If you were, think about whether anyone had access to it. Was
there *anything* you would have transmitted in the clear? *Exactly*
how did you access the server?

My sympathies
-Micah
_______________________________________________
vox mailing list
vox@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox

Follow-Ups:
- Re: [vox] password stolen at linuxworld
  - From: Samuel Merritt

References:
- [vox] password stolen at linuxworld
  - From: Ryan Castellucci

Prev by Date: Re: [vox] password stolen at linuxworld
Next by Date: SIEGE CENTER FOR HOME EQUIPMENTS MAINTENANCE
Previous by thread: Re: [vox] password stolen at linuxworld
Next by thread: Re: [vox] password stolen at linuxworld
Index(es):
- Date
- Thread

LUGOD Group on LinkedIn

LUGOD Group on Facebook

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
1105 Kennedy Place, Suite 1, Davis, CA 95616
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.