Re: solid backdoor using certificates?
From: Nico Kadel-Garcia (nkadel_at_comcast.net)
Date: Sun, 23 Nov 2003 10:49:22 -0500
"P.B." <donald at duckburg.cjb.net> wrote in message
> "Andy Law" <No@Spam.ac.uk> schrieb im Newsbeitrag
> > Aren't you struck by the irony of complaining about a 'vulnerability'
> > having just described a scenario in which your server has been hacked
> > with root permissions?
> > If you get hacked at that level you shut *everything* down and add them
> > back one at a time. That includes keys in .ssh directories along with
> > *all* other forms of access.
> *sigh* - I am totally aware of that, BUT what I meant was, that if the
> hacker was able to break in unnoticed, he would be able to keep silent -
> way easier than having to modify "passwd" and "shadow" to open a
> (I am not talking about the "breaking-in" part, but about the
> "staying-unnoticed" part of intrusion)
That *is* a problem. It's particularly a problem on the machines of twits
who keep their .ssh directories on NFS-mounted home directories, which is
way too common in university and workgroup environments.