Rootkit infections: AARRGH!
Kevin D. Clark
clark_k at pannaway.com
Mon May 16 11:16:01 EDT 2005
Bill McGonigle <bill at bfccomputing.com> writes:
> On May 10, 2005, at 14:30, Kevin D. Clark wrote:
>
>> The crucial element in the password thefts that provided access
>> at Cisco and elsewhere was the intruder's use of a corrupted version
>> of a standard software program, SSH.
>
> So, what's a 'corrupted version'?

Probably just a copy of ssh that has been modified to buffer-overrun
the other side of the connection. This is the easiest way to produce
such a tool.

--kevin
--
GnuPG ID: B280F24E And the madness of the crowd
alumni.unh.edu!kdc Is an epileptic fit
-- Tom Waits