Date: Wed, 5 Sep 2001 20:03:07 -0700 From: Kris Kennaway <kris@obsecurity.org> To: abby <art@cristhal.com> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: pid account hacked Message-ID: <20010905200307.A82529@xor.obsecurity.org> In-Reply-To: <000e01c12085$191d62e0$6100a8c0@amarildo>; from art@cristhal.com on Wed, Aug 08, 2001 at 08:40:56PM -0700 References: <000e01c12085$191d62e0$6100a8c0@amarildo>
next in thread | previous in thread | raw e-mail | index | archive | help
--J2SCkAp4GZ/dPZZf Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Aug 08, 2001 at 08:40:56PM -0700, abby wrote: > I have a question regarding system accounts if I seem a bit non oriented = its because I am somewhat new to unix security issues well someone hacked i= nto one of the system accounts using a root kit I was lead to believe but t= hey got in as=20 > pid user=20 >=20 > pid ttyp0 141.13.3.9 Wed Sep 5 06:09 - 06:11 (00:= 05) >=20 > and I Was able to view them through who or w=20 > this was totally freaking me out so first thing I Did was delete the user= I was wondering > if you could give me more information on how this hapend to prevent syste= m accounts from being hacked again > someone said I should email here and ask thanx in advance Step 1: Follow security advisories closely by subscribing to a mailing list that carries them (see www.freebsd.org/security) Kris --J2SCkAp4GZ/dPZZf Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7ludrWry0BWjoQKURAqrhAJ0ceXQZPP0UeRzl2j8CSyBnpCWHDwCgzGK0 8GSo8F/JlmEPvOHASAiijqw= =HAw9 -----END PGP SIGNATURE----- --J2SCkAp4GZ/dPZZf-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010905200307.A82529>