Date:      Thu, 31 May 2001 17:28:52 -0700 (PDT)
From:      "f.johan.beisser" <jan@caustic.org>
To:        Alex Holst <a@area51.dk>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Apache Software Foundation Server compromised, resecured. (fwd)
Message-ID:  <Pine.BSF.4.21.0105311727160.66343-100000@pogo.caustic.org>
In-Reply-To: <20010601013041.A32818@area51.dk>

On Fri, 1 Jun 2001, Alex Holst wrote:

> That should be verified often with scanssh or something similar. I was
> surprised when I read about the compromise, because it gives the impression
> that people are still using passwords (as opposed to keys with passphrases)
> for authentication in this day and age. Is that correct? If so, why is that?

	based on what i've read this morning, it wouldn't have made
	all that much of a difference. apparently the compromised
	version of ssh recorded passphrases, and keys.

	i don't see how else you could have avoided this problem.



-------/ f. johan beisser /--------------------------------------+
  http://caustic.org/~jan                      jan@caustic.org
 "which then led me to realize leading my life by the motto 'i'm not
      as bad as jan' would still let me get away with A LOT"
	--- j. leah williams, University of Chicago, 19 Jan, 2001

