| |||||||||||||
What's "older"?What's "older"?Posted Jul 7, 2009 19:03 UTC (Tue) by Thue (subscriber, #14277)In reply to: What's "older"? by madscientist Parent article: RUMOR: OpenSSH exploit
At http://secer.org/hacktools/0day-openssh-remote-exploit.html the attack is against OpenSSH 4.3, FWIW.
(Log in to post comments)
What's "older"? Posted Jul 7, 2009 22:38 UTC (Tue) by charlieb (subscriber, #23340) [Link]
If the transcript is undoctored, the target system is not vanilla RHEL5:
2.6.24.5-grsec-hostnoc-4.0.0-x86_64-libata
What's "older"? Posted Jul 8, 2009 12:52 UTC (Wed) by kpower (subscriber, #37136) [Link]
How much of that transcript is doctored?
How much of that is real?
How much is the result of social engineering?
How much is the result of harvesting passwords?
I think it's fake Posted Jul 8, 2009 14:30 UTC (Wed) by dskoll (subscriber, #1630) [Link]
I think someone compromised the machine through some other method like brute-forcing the password, and then doctored the transcript.
Nevertheless, I've played it safe and firewalled off SSH on all my Internet-facing machines except from friendly IPs. I guess we'll see in the next few days...
|
|||||||||||||