North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Rootshell pages hacked

  • From: Michael Freeman
  • Date: Thu Nov 05 13:53:18 1998

Me three.  If they don't turn up I think I am going to make the
modifications myself. I am using an old s/key implmentation though, from
thumper.bellcore.net I believe, anyone know of any others? Thanks.

On Thu, 5 Nov 1998, Alex P. Rudnev wrote:

> Btw, it's of great interest for me too.
> 
> 
> On Thu, 5 Nov 1998, dhiraj murthy wrote:
> 
> > Date: Thu, 5 Nov 1998 11:49:19 -0500 (EST)
> > From: dhiraj murthy <[email protected]>
> > To: "Alex P. Rudnev" <[email protected]>
> > Cc: Michael Freeman <[email protected]>,
> >     "Adam D. McKenna" <[email protected]>, Joe Shaw <[email protected]>,
> >     JR Mayberry <[email protected]>, neil <[email protected]>,
> >     Russ Haynal <[email protected]>, [email protected]
> > Subject: Re: Rootshell pages hacked
> > 
> > I am trying to get ssh working with skey. anyone know where to get patches
> > to force 1.2.6 to do this?
> > 
> > thanks,
> > 
> > -dhiraj
> > 
> > On Mon, 2 Nov 1998, Alex P. Rudnev wrote:
> > 
> > > SSh withouth S/KEy or some kind of one time password is useless in case 
> > > of any compromyse passwords (except the case when you'd like to restrict 
> > > acxcess to the trusted set of hosts). SSH itself do not believe to be a 
> > > problem, UNIX one-time passwords are real problem. Another bad problem is 
> > > _the same UNIX password for all purposes_ - I can sniff your FTP password 
> > > and use it for SSH access (for example).
> > > 
> > > 
> > > 
> > > 
> > > 
> > > On Sat, 31 Oct 1998, Michael Freeman wrote:
> > > 
> > > > Date: Sat, 31 Oct 1998 14:45:51 +0000 (Local time zone must be set--see zic manual page)
> > > > From: Michael Freeman <[email protected]>
> > > > To: "Adam D. McKenna" <[email protected]>
> > > > Cc: Joe Shaw <[email protected]>, JR Mayberry <[email protected]>,
> > > >     neil <[email protected]>, Russ Haynal <[email protected]>,
> > > >     [email protected]
> > > > Subject: Re: Rootshell pages hacked
> > > > 
> > > > It is not a fucking problem in SSH! Jesus christ, people do not listen.
> > > > If it had anything to do with ssh, heres what happened. (speculation) A
> > > > trusted host was compromised that Kit Knox or another rootshell staff
> > > > member used, ssh was trojaned and passwords were snagged, and the intruder
> > > > simply walked right in through the front door. Nothing sophisticated,
> > > > nothing fancy, no ssh remote exploits.
> > > > 
> > > > On Thu, 29 Oct 1998, Adam D. McKenna wrote:
> > > > 
> > > > > They claim they were running only qmail, apache and ssh, but who knows if
> > > > > that's true.
> > > > > 
> > > > > I have heard rumours about an ssh exploit but nothing concrete.
> > > > > 
> > > > > --Adam
> > > > > 
> > > > > -----Original Message-----
> > > > > From: Joe Shaw <[email protected]>
> > > > > To: JR Mayberry <[email protected]>
> > > > > Cc: neil <[email protected]>; Russ Haynal <[email protected]>;
> > > > > [email protected] <[email protected]>
> > > > > Date: Thursday, October 29, 1998 2:36 PM
> > > > > Subject: Re: Rootshell pages hacked
> > > > > 
> > > > > 
> > > > > I thought they were runnign qmail?
> > > > > 
> > > > > Joe
> > > > > 
> > > > > On Thu, 29 Oct 1998, JR Mayberry wrote:
> > > > > 
> > > > > > Supposedly sendmail 8.9.1 is to blame, not ssh.
> > > > > > http://www.sendmail.com/sendmail.8.9.1a.html
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > 
> > > > 
> > > 
> > > Aleksei Roudnev, Network Operations Center, Relcom, Moscow
> > > (+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager)
> > > (+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
> > > 
> > 
> > 
> 
> Aleksei Roudnev, Network Operations Center, Relcom, Moscow
> (+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager)
> (+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
>