Re: solid backdoor using certificates?

From: Nico Kadel-Garcia (
Date: 11/23/03

Date: Sun, 23 Nov 2003 10:49:22 -0500

"P.B." <donald at> wrote in message
> "Andy Law" <> schrieb im Newsbeitrag
> > Aren't you struck by the irony of complaining about a 'vulnerability'
> > having just described a scenario in which your server has been hacked
> > with root permissions?
> >
> > If you get hacked at that level you shut *everything* down and add them
> > back one at a time. That includes keys in .ssh directories along with
> > *all* other forms of access.
> *sigh* - I am totally aware of that, BUT what I meant was, that if the
> hacker was able to break in unnoticed, he would be able to keep silent -
> way easier than having to modify "passwd" and "shadow" to open a
> (I am not talking about the "breaking-in" part, but about the
> "staying-unnoticed" part of intrusion)

That *is* a problem. It's particularly a problem on the machines of twits
who keep their .ssh directories on NFS-mounted home directories, which is
way too common in university and workgroup environments.