l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2003 Aug 11 11:03

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox] password stolen at linuxworld
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox] password stolen at linuxworld

Micah J. Cowan said:
> On Sun, Aug 10, 2003 at 04:26:57AM -0700, Ryan Castellucci wrote:
>> I suspect that my password was either sholder surfed (unlikely, it'd
>> be hard  to memorize....) or someone was runnning man-in-the-middle
>> attacks, and  forced an SSHv1 session to prevent a warning, simply
>> prompting for a new key.
> How would this be a vulnerability? I know that SSHv1 had some security
> flaws, but the only ones I remember reading about were pretty tough to
> successfully exploit.

Check out ettercap at <http://ettercap.sourceforge.net/>. It uses ARP
spoofing  to do man-in-the-middle attacks and can read all the data from
an SSH1 session. It's only a ./configure; make; make install away for

No PGP signature because I'm far from home and sending via webmail.

vox mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
O'Reilly and Associates
For numerous book donations.