|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Rootshell pages hacked
In message <[email protected]>, "Adam D. McKenna" writes: > They claim they were running only qmail, apache and ssh, but who knows if > that's true. > > I have heard rumours about an ssh exploit but nothing concrete. I know of some interesting sites that were hacked into "using ssh" recently. The trick is to attack the SSH *client* machine, and them take advantage of things like a running ssh-agent and existing authorized_keys files to connect to the server host using the existing (valid) trust relationship. This isn't an SSH bug, merely a standard side effect of distributed trust. -- C. Harald Koch <[email protected]> "It takes a child to raze a village." -Michael T. Fry
|