Re: Apache Software Foundation Server compromised, resecured. (fwd)
From: Hank Leininger (freebsd-security@progressive-comp.com)
Date: 06/01/01
- Next message: Crist Clark: "Re: Apache Software Foundation Server compromised, resecured. (fwd)"
- Previous message: Karsten W. Rohrbach: "Re: Apache Software Foundation Server compromised, resecured. (fwd)"
- Maybe in reply to: Cy Schubert - ITSD Open Systems Group: "Apache Software Foundation Server compromised, resecured. (fwd)"
- Next in thread: Kris Kennaway: "Re: Apache Software Foundation Server compromised, resecured. (fwd)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 31 May 2001 20:43:10 -0400
From: Hank Leininger <freebsd-security@progressive-comp.com>
To: freebsd-security@FreeBSD.ORG
On 2001-06-01, "f.johan.beisser" <jan@caustic.org> wrote:
> On Fri, 1 Jun 2001, Alex Holst wrote:
> > impression that people are still using passwords (as opposed to keys
> > with passphrases) for authentication in this day and age. Is that
> > correct? If so, why is that?
> based on what i've read this morning, it wouldn't have made
> all that much of a difference. apparently the compromised
> version of ssh recorded passphrases, and keys.
> i don't see how else you could have avoided this problem.
a) Don't hop through untrusted systems.
b) Use protocol 2 exclusively to make MITM'ing harder.
c) Use/require from=" " entries in your authorized_keys* files.
d) When breaking a), exclusively port-forward the second hop inside the
first; do *not* ssh to a command prompt and run 'ssh' on the
intermediate host.
e) When breaking all of the above (in an emergency, say) communicate with
someone OOB *immediately* who can revoke all access you used in a safe
way, until you can restore it via safe channels (consider any keys,
passwords, etc you used to be compromised and never use them again).
f) Hide under the bed.
--
Hank Leininger <hlein@progressive-comp.com>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
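Points b) and c) above can be checked mechanically. The script below is an added example, not code from the post or from the FreeBSD or OpenSSH projects: it parses an authorized_keys file with OpenSSH's option syntax (comma-separated options, double-quoted values that may themselves contain commas and spaces, backslash escapes) and reports keys that carry no from="..." restriction, from= patterns that are a bare wildcard and so restrict nothing, and protocol-1 RSA1 keys, which appear in authorized_keys as "bits exponent modulus" rather than "keytype base64". The sample file is constructed; the key material in it is dummy text, not real keys.

```python
"""Audit an OpenSSH authorized_keys file for from= restrictions and
protocol-1 keys (added example, not from the original post)."""
from typing import Dict, List, Optional, Tuple


def _is_key_type(tok: str) -> bool:
    # Protocol-2 key types all start with one of these prefixes.
    return tok.startswith(("ssh-", "ecdsa-", "sk-"))


def _take_options(line: str) -> Tuple[str, str]:
    """Split a line into (raw options, rest). The options field ends at the
    first whitespace that is not inside double quotes."""
    in_quotes, i = False, 0
    while i < len(line):
        c = line[i]
        if c == "\\" and in_quotes and i + 1 < len(line):
            i += 2  # escaped character inside quotes
            continue
        if c == '"':
            in_quotes = not in_quotes
        elif c.isspace() and not in_quotes:
            break
        i += 1
    return line[:i], line[i:].strip()


def parse_options(opts: str) -> Dict[str, str]:
    """Split comma-separated options, honouring quotes and backslash escapes.
    Options without a value (e.g. no-pty) map to the empty string."""
    items, cur, in_quotes, i = [], [], False, 0
    while i < len(opts):
        c = opts[i]
        if c == "\\" and in_quotes and i + 1 < len(opts):
            cur.append(opts[i + 1])
            i += 2
            continue
        if c == '"':
            in_quotes = not in_quotes  # quotes delimit, they are not part of the value
        elif c == "," and not in_quotes:
            items.append("".join(cur))
            cur = []
        else:
            cur.append(c)
        i += 1
    if cur:
        items.append("".join(cur))
    result: Dict[str, str] = {}
    for item in items:
        name, _, value = item.partition("=")
        result[name.strip().lower()] = value
    return result


def parse_line(line: str) -> Optional[dict]:
    """Return {'protocol', 'keytype', 'options'} or None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    first = line.split(None, 1)[0]
    if _is_key_type(first) or first.isdigit():
        options, rest = {}, line  # no options field present
    else:
        raw, rest = _take_options(line)
        options = parse_options(raw)
    fields = rest.split()
    if not fields:
        raise ValueError("malformed authorized_keys line: " + line)
    if fields[0].isdigit():
        # RSA1 format: bits exponent modulus [comment]
        return {"protocol": 1, "keytype": "RSA1", "options": options}
    return {"protocol": 2, "keytype": fields[0], "options": options}


def audit(text: str) -> List[Tuple[int, str]]:
    """Return (line number, finding) pairs for every weakness found."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        entry = parse_line(line)
        if entry is None:
            continue
        if entry["protocol"] == 1:
            findings.append((n, "protocol-1 RSA1 key; remove it and run protocol 2 only"))
        src = entry["options"].get("from")
        if src is None:
            findings.append((n, "no from= restriction"))
        elif any(p.strip() in ("*", "") for p in src.split(",")):
            findings.append((n, "from= contains a bare wildcard, which restricts nothing"))
    return findings


# Constructed sample file; key data is dummy text, not real keys.
SAMPLE = """\
# constructed sample, not a real authorized_keys file
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYDATA0000000000000000000000000 alice@laptop
from="*.corp.example,192.0.2.?",command="/usr/local/bin/backup run" ssh-rsa AAAAB3NzaC1yc2EEXAMPLE backup@bastion
1024 35 1234567890123456789012345678901234567890 bob-rsa1-key
from="*" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYDATA1111111111111111111111111 carol@desk
"""

if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE):
        print(f"line {lineno}: {finding}")
```

Run it against a real file with `audit(open(path).read())`. Only the backup key in the sample passes: it is pinned to a host pattern and to a forced command. For point d), modern OpenSSH expresses "forward the second hop inside the first" directly with `ssh -J bastion target` (ProxyJump), so the private key and any passphrase never touch the intermediate host's ssh binary.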