Hosting Provided By

Re: secure installation

From: Celejar <celejar(at)gmail.com>
Date: Fri Aug 17 2007 - 09:29:11 EDT

On Thu, 16 Aug 2007 18:21:59 -0500 (CDT) "R. W. Rodolico" <rod@dailydata.net> wrote:

[snip]

> Firewalls are for a stupidity shield. I had a situation where I was
> cracked on one of my servers a few years ago. It was totally my fault; I
> had a user I had mistakingly set up as an authorized ssh user who
> shouldn't have been. Their account was cracked, then the cracker got root
> access and installed a daemon that was ready to attack another server.

Just curious; anyone can forget a user account, but how did the attacker get root?

> R. W. "Rod" Rodolico

Celejar

--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator


-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Received on Fri Aug 17 09:33:06 2007

This message: [ Message body ]
Next message: Celejar: "Re: secure installation"
Previous message: Martin Zobel-Helas: "Re: security.debian.org: MD5Sum mismatch"
In reply to: R. W. Rodolico: "Re: secure installation"
Next in thread: Russ Allbery: "Re: secure installation"
Reply: Russ Allbery: "Re: secure installation"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Sun Oct 07 2007 - 07:52:47 EDT