|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Rootshell pages hacked
Btw. I know exactly where does hackers get troyaned SSHD from, and I am sure they begin to install it more and more. We can't exclude if some day the original SSH daemon /or, for a joke, Microsoft NT/) will be troyaned from the very start point. On Thu, 5 Nov 1998, Michael Freeman wrote: > Date: Thu, 5 Nov 1998 12:30:11 +0000 (Local time zone must be set--see zic manual page) > From: Michael Freeman <[email protected]> > To: "Alex P. Rudnev" <[email protected]> > Cc: dhiraj murthy <[email protected]>, > "Adam D. McKenna" <[email protected]>, Joe Shaw <[email protected]>, > JR Mayberry <[email protected]>, neil <[email protected]>, > Russ Haynal <[email protected]>, [email protected] > Subject: Re: Rootshell pages hacked > > Me three. If they don't turn up I think I am going to make the > modifications myself. I am using an old s/key implmentation though, from > thumper.bellcore.net I believe, anyone know of any others? Thanks. > > On Thu, 5 Nov 1998, Alex P. Rudnev wrote: > > > Btw, it's of great interest for me too. > > > > > > On Thu, 5 Nov 1998, dhiraj murthy wrote: > > > > > Date: Thu, 5 Nov 1998 11:49:19 -0500 (EST) > > > From: dhiraj murthy <[email protected]> > > > To: "Alex P. Rudnev" <[email protected]> > > > Cc: Michael Freeman <[email protected]>, > > > "Adam D. McKenna" <[email protected]>, Joe Shaw <[email protected]>, > > > JR Mayberry <[email protected]>, neil <[email protected]>, > > > Russ Haynal <[email protected]>, [email protected] > > > Subject: Re: Rootshell pages hacked > > > > > > I am trying to get ssh working with skey. anyone know where to get patches > > > to force 1.2.6 to do this? > > > > > > thanks, > > > > > > -dhiraj > > > > > > On Mon, 2 Nov 1998, Alex P. Rudnev wrote: > > > > > > > SSh withouth S/KEy or some kind of one time password is useless in case > > > > of any compromyse passwords (except the case when you'd like to restrict > > > > acxcess to the trusted set of hosts). SSH itself do not believe to be a > > > > problem, UNIX one-time passwords are real problem. Another bad problem is > > > > _the same UNIX password for all purposes_ - I can sniff your FTP password > > > > and use it for SSH access (for example). > > > > > > > > > > > > > > > > > > > > > > > > On Sat, 31 Oct 1998, Michael Freeman wrote: > > > > > > > > > Date: Sat, 31 Oct 1998 14:45:51 +0000 (Local time zone must be set--see zic manual page) > > > > > From: Michael Freeman <[email protected]> > > > > > To: "Adam D. McKenna" <[email protected]> > > > > > Cc: Joe Shaw <[email protected]>, JR Mayberry <[email protected]>, > > > > > neil <[email protected]>, Russ Haynal <[email protected]>, > > > > > [email protected] > > > > > Subject: Re: Rootshell pages hacked > > > > > > > > > > It is not a fucking problem in SSH! Jesus christ, people do not listen. > > > > > If it had anything to do with ssh, heres what happened. (speculation) A > > > > > trusted host was compromised that Kit Knox or another rootshell staff > > > > > member used, ssh was trojaned and passwords were snagged, and the intruder > > > > > simply walked right in through the front door. Nothing sophisticated, > > > > > nothing fancy, no ssh remote exploits. > > > > > > > > > > On Thu, 29 Oct 1998, Adam D. McKenna wrote: > > > > > > > > > > > They claim they were running only qmail, apache and ssh, but who knows if > > > > > > that's true. > > > > > > > > > > > > I have heard rumours about an ssh exploit but nothing concrete. > > > > > > > > > > > > --Adam > > > > > > > > > > > > -----Original Message----- > > > > > > From: Joe Shaw <[email protected]> > > > > > > To: JR Mayberry <[email protected]> > > > > > > Cc: neil <[email protected]>; Russ Haynal <[email protected]>; > > > > > > [email protected] <[email protected]> > > > > > > Date: Thursday, October 29, 1998 2:36 PM > > > > > > Subject: Re: Rootshell pages hacked > > > > > > > > > > > > > > > > > > I thought they were runnign qmail? > > > > > > > > > > > > Joe > > > > > > > > > > > > On Thu, 29 Oct 1998, JR Mayberry wrote: > > > > > > > > > > > > > Supposedly sendmail 8.9.1 is to blame, not ssh. > > > > > > > http://www.sendmail.com/sendmail.8.9.1a.html > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Aleksei Roudnev, Network Operations Center, Relcom, Moscow > > > > (+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager) > > > > (+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax) > > > > > > > > > > > > > > Aleksei Roudnev, Network Operations Center, Relcom, Moscow > > (+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager) > > (+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax) > > > > Aleksei Roudnev, Network Operations Center, Relcom, Moscow (+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager) (+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
|