Rootshell pages hacked

• Previous message (by thread): Rootshell pages hacked
• Next message (by thread): Rootshell pages hacked
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In message <04c601be0373$c0dc2d90$e50984a9 at flounder.telecom.idt.net>, "Adam D. McKenna" writes:
> They claim they were running only qmail, apache and ssh, but who knows if
> that's true.
> 
> I have heard rumours about an ssh exploit but nothing concrete.

I know of some interesting sites that were hacked into "using ssh" recently.
The trick is to attack the SSH *client* machine, and them take advantage of
things like a running ssh-agent and existing authorized_keys files to connect
to the server host using the existing (valid) trust relationship. This isn't
an SSH bug, merely a standard side effect of distributed trust.

-- 
C. Harald Koch     <chk at utcc.utoronto.ca>

"It takes a child to raze a village."
		-Michael T. Fry

• Previous message (by thread): Rootshell pages hacked
• Next message (by thread): Rootshell pages hacked
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]