urgent notice on Linux security (fwd)
miah
jjohnson at sunrise-linux.com
Mon Jan 12 19:11:45 EST 2004
On Mon, Jan 12, 2004 at 03:38:21PM -0500, David Kramer wrote:
> The crackers binary-patched the kernel of the affected machines as
> they were running so as to hide files and processes. Something was
> wedged in there that managed to extract passwords from SSH
> connections. Needless to say, all of us who have either logged into
> or out of accounts on the known affected machines have been advised
> to change our passwords at once.
Another reason to not use passwords for loging into the the system. SSH Provides key based authentication, you should use it.
-miah
More information about the Discuss
mailing list