Re: Visited by a cracker
From: Mario Ohnewald (mario.ohnewald_at_gmx.de)
Date: 07/14/04
- Previous message: Michael LaSalvia: "RE: Certifying a RedHat Install"
- In reply to: Alan Hicks: "Re: Visited by a cracker"
- Next in thread: Per Christian B. Viken: "Visited by a cracker"
- Reply: Per Christian B. Viken: "Visited by a cracker"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: focus-linux@securityfocus.com Date: Wed, 14 Jul 2004 20:15:48 +0200
On Wed, 2004-07-14 at 00:45, Alan Hicks wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Jul 13, 2004, at 11:20 AM, Arthur Chan wrote:
> > Is it at all possible that the cracker tampered his .bash_history and
> > left
> > it there to fool you?
>
> Anything's possible when a cracker's involved, but I wouldn't think
> this is a likely scenario. A good cracker wouldn't have left it so that
> top or ps would show his processes (like the strace), and thus likely
> wouldn't have left the .bash_history around either.
What if he did that on purpose? It would be risky, but clever. He could
get away with a jackpot :)
- Previous message: Michael LaSalvia: "RE: Certifying a RedHat Install"
- In reply to: Alan Hicks: "Re: Visited by a cracker"
- Next in thread: Per Christian B. Viken: "Visited by a cracker"
- Reply: Per Christian B. Viken: "Visited by a cracker"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
