Re: ?hack cause?

From: rir@vmei.acad.bg
Date: 03/27/02

Previous message: b. nyec: "RE: ?hack cause?"
Maybe in reply to: Andy Gabor: "?hack cause?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 27 Mar 2002 08:00:55 +0200 (EET)
From: rir@vmei.acad.bg
To: focus-sun@securityfocus.com, ajgabor@ucdavis.edu

Hi,

I got a similar attack one and a half months ago.
A line was appended at the end of file /etc/init.d/network
/usr/bin/sshd2 -q
Many other files were modified like ls, ps, netstat, su, etc.
ls was modified not to show the file /etc/dhcp/dhcp.conf
which was supposed to store stolen usernames and passwords.
Hopfuly I run ssh on differenr port. There was one other
strange effect - when a user locks the display, their password
is rejected when trying to unlock the display.
I can't still figure out how it has happened.

Regards,

Rossen

Previous message: b. nyec: "RE: ?hack cause?"
Maybe in reply to: Andy Gabor: "?hack cause?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Patch Notes - Patch 2.3.2 (PTR)
... NPC's who you have completed a quest for will display a question mark ... A guildmaster always has full access to a guild bank and this cannot ... You will now automatically stand up when attacked, ... This spell will no longer cost twice the listed mana to ...
(alt.games.warcraft)
RE: SHA-1 vs. triple-DES for password encryption?
... when you deal with passwords. ... Cryptographers call an attack something that would work on say ... > triple-DES and SHA-1 algorithms available. ... By not using triple-DES there is no need to secure a key ...
(SecProg)
Re: Netowrk Admin. Breach
... attack, but at the time it was a little beyond me. ... But my approach to network security is similar to his.....I look at ... no business knowing any of your sensitive passwords. ... demonstrated that using an account with no privs. ...
(microsoft.public.windows.server.security)
Re: web browser security/hardening
... Never reuse any usernames, emails, or passwords ... cross site scripting is something the web sites you visit ... yourself...although disabling scripting anyway can thwart those attack ... The NSA has designated Norwich University a center of Academic ...
(Security-Basics)
ColdFusion cross-site scripting security vulnerability of an error page
... Macromedia's ColdFusion can display the various information about an error at the time of error occurred. ... An attacker can execute a script on victim's browser by preparing for WEB the link which embedded arbitrary scripts. ... The user who accesses a vulnerable server has a risk that forced to execute the arbitrary javascript and HTML code which the attacker embedded. ... When the code for an attack is contained in the contents to display, a cross-site scripting attack can be executed. ...
(Bugtraq)