Rootshell pages hacked
Alex P. Rudnev
alex at Relcom.EU.net
Thu Nov 5 17:11:13 UTC 1998
Btw, it's of great interest for me too.
On Thu, 5 Nov 1998, dhiraj murthy wrote:
> Date: Thu, 5 Nov 1998 11:49:19 -0500 (EST)
> From: dhiraj murthy <soa at funkytekno.exodus.net>
> To: "Alex P. Rudnev" <alex at Relcom.EU.net>
> Cc: Michael Freeman <mikef at boris.talentsoft.com>,
> "Adam D. McKenna" <adam at flounder.net>, Joe Shaw <jshaw at insync.net>,
> JR Mayberry <rick at magpage.com>, neil <neil at junior.uwc.ac.za>,
> Russ Haynal <russ at navigators.com>, nanog at merit.edu
> Subject: Re: Rootshell pages hacked
>
> I am trying to get ssh working with skey. anyone know where to get patches
> to force 1.2.6 to do this?
>
> thanks,
>
> -dhiraj
>
> On Mon, 2 Nov 1998, Alex P. Rudnev wrote:
>
> > SSh withouth S/KEy or some kind of one time password is useless in case
> > of any compromyse passwords (except the case when you'd like to restrict
> > acxcess to the trusted set of hosts). SSH itself do not believe to be a
> > problem, UNIX one-time passwords are real problem. Another bad problem is
> > _the same UNIX password for all purposes_ - I can sniff your FTP password
> > and use it for SSH access (for example).
> >
> >
> >
> >
> >
> > On Sat, 31 Oct 1998, Michael Freeman wrote:
> >
> > > Date: Sat, 31 Oct 1998 14:45:51 +0000 (Local time zone must be set--see zic manual page)
> > > From: Michael Freeman <mikef at boris.talentsoft.com>
> > > To: "Adam D. McKenna" <adam at flounder.net>
> > > Cc: Joe Shaw <jshaw at insync.net>, JR Mayberry <rick at magpage.com>,
> > > neil <neil at junior.uwc.ac.za>, Russ Haynal <russ at navigators.com>,
> > > nanog at merit.edu
> > > Subject: Re: Rootshell pages hacked
> > >
> > > It is not a fucking problem in SSH! Jesus christ, people do not listen.
> > > If it had anything to do with ssh, heres what happened. (speculation) A
> > > trusted host was compromised that Kit Knox or another rootshell staff
> > > member used, ssh was trojaned and passwords were snagged, and the intruder
> > > simply walked right in through the front door. Nothing sophisticated,
> > > nothing fancy, no ssh remote exploits.
> > >
> > > On Thu, 29 Oct 1998, Adam D. McKenna wrote:
> > >
> > > > They claim they were running only qmail, apache and ssh, but who knows if
> > > > that's true.
> > > >
> > > > I have heard rumours about an ssh exploit but nothing concrete.
> > > >
> > > > --Adam
> > > >
> > > > -----Original Message-----
> > > > From: Joe Shaw <jshaw at insync.net>
> > > > To: JR Mayberry <rick at magpage.com>
> > > > Cc: neil <neil at junior.uwc.ac.za>; Russ Haynal <russ at navigators.com>;
> > > > nanog at merit.edu <nanog at merit.edu>
> > > > Date: Thursday, October 29, 1998 2:36 PM
> > > > Subject: Re: Rootshell pages hacked
> > > >
> > > >
> > > > I thought they were runnign qmail?
> > > >
> > > > Joe
> > > >
> > > > On Thu, 29 Oct 1998, JR Mayberry wrote:
> > > >
> > > > > Supposedly sendmail 8.9.1 is to blame, not ssh.
> > > > > http://www.sendmail.com/sendmail.8.9.1a.html
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> >
> > Aleksei Roudnev, Network Operations Center, Relcom, Moscow
> > (+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager)
> > (+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
> >
>
>
Aleksei Roudnev, Network Operations Center, Relcom, Moscow
(+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager)
(+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
More information about the NANOG
mailing list