Re: Apache Software Foundation Server compromised, resecured. (fwd)
From: Dag-Erling Smorgrav (des@ofug.org)
Date: 06/01/01
- Next message: Dag-Erling Smorgrav: "Re: Apache Software Foundation Server compromised, resecured. (fwd)"
- Previous message: Dag-Erling Smorgrav: "Re: Limiting TCP RST Response Packets"
- In reply to: Alex Holst: "Re: Apache Software Foundation Server compromised, resecured. (fwd)"
- Next in thread: Karsten W. Rohrbach: "Re: Apache Software Foundation Server compromised, resecured. (fwd)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Alex Holst <a@area51.dk> From: Dag-Erling Smorgrav <des@ofug.org> Date: 01 Jun 2001 15:40:04 +0200
Alex Holst <a@area51.dk> writes:
> That should be verified often with scanssh or something similar. I was
> surprised when I read about the compromise, because it gives the impression
> that people are still using passwords (as opposed to keys with passphrases)
> for authentication in this day and age.
Keys with passphrases wouldn't have made any difference. The ssh
binary on sourceforge was trojaned, and could have harvested ssh keys
just as easily as passwords.
DES
-- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
- Next message: Dag-Erling Smorgrav: "Re: Apache Software Foundation Server compromised, resecured. (fwd)"
- Previous message: Dag-Erling Smorgrav: "Re: Limiting TCP RST Response Packets"
- In reply to: Alex Holst: "Re: Apache Software Foundation Server compromised, resecured. (fwd)"
- Next in thread: Karsten W. Rohrbach: "Re: Apache Software Foundation Server compromised, resecured. (fwd)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
