Rookit infections: AARRGH!
Bill McGonigle
bill at bfccomputing.com
Sun May 15 16:41:02 EDT 2005
On May 10, 2005, at 14:30, Kevin D. Clark wrote:
> The crucial element in the password thefts that provided access
> at Cisco and elsewhere was the intruder's use of a corrupted version
> of a standard software program, SSH.
So, what's a 'corrupted version'?
To add some more paranoia to the fire:
http://nms.csail.mit.edu/projects/ssh/
Hashed known_hosts sounds like a good idea.
-Bill
-----
Bill McGonigle, Owner Work: 603.448.4440
BFC Computing, LLC Home: 603.448.1668
bill at bfccomputing.com Mobile: 603.252.2606
http://www.bfccomputing.com/ Pager: 603.442.1833
AIM: wpmcgonigle Skype: bill_mcgonigle
For fastest support contact, please follow:
http://bfccomputing.com/support_contact.html
More information about the gnhlug-discuss
mailing list