Date: 01 Jun 2001 15:40:04 +0200 From: Dag-Erling Smorgrav <des@ofug.org> To: Alex Holst <a@area51.dk> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Apache Software Foundation Server compromised, resecured. (fwd) Message-ID: <xzpzobswc7f.fsf@flood.ping.uio.no> In-Reply-To: <20010601013041.A32818@area51.dk> References: <200105312300.f4VN0RD24448@cwsys.cwsent.com> <Pine.BSF.4.31.0105311621290.52261-100000@localhost> <20010601013041.A32818@area51.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
Alex Holst <a@area51.dk> writes: > That should be verified often with scanssh or something similar. I was > surprised when I read about the compromise, because it gives the impression > that people are still using passwords (as opposed to keys with passphrases) > for authentication in this day and age. Keys with passphrases wouldn't have made any difference. The ssh binary on sourceforge was trojaned, and could have harvested ssh keys just as easily as passwords. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzpzobswc7f.fsf>