Re: Apache Software Foundation Server compromised, resecured. (fwd)

From: Dag-Erling Smorgrav (des@ofug.org)
Date: 06/01/01


To: Alex Holst <a@area51.dk>
From: Dag-Erling Smorgrav <des@ofug.org>
Date: 01 Jun 2001 15:40:04 +0200

Alex Holst <a@area51.dk> writes:
> That should be verified often with scanssh or something similar. I was
> surprised when I read about the compromise, because it gives the impression
> that people are still using passwords (as opposed to keys with passphrases)
> for authentication in this day and age.

Keys with passphrases wouldn't have made any difference. The ssh
binary on sourceforge was trojaned, and could have harvested ssh keys
just as easily as passwords.

DES

-- 
Dag-Erling Smorgrav - des@ofug.org

