Date: Fri, 1 Jun 2001 02:41:44 +0200 From: "Karsten W. Rohrbach" <karsten@rohrbach.de> To: "f.johan.beisser" <jan@caustic.org> Cc: Alex Holst <a@area51.dk>, freebsd-security@FreeBSD.ORG Subject: Re: Apache Software Foundation Server compromised, resecured. (fwd) Message-ID: <20010601024144.H85717@mail.webmonster.de> In-Reply-To: <Pine.BSF.4.21.0105311727160.66343-100000@pogo.caustic.org>; from jan@caustic.org on Thu, May 31, 2001 at 05:28:52PM -0700 References: <20010601013041.A32818@area51.dk> <Pine.BSF.4.21.0105311727160.66343-100000@pogo.caustic.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--QDIl5R72YNOeCxaP Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable f.johan.beisser(jan@caustic.org)@2001.05.31 17:28:52 +0000: > On Fri, 1 Jun 2001, Alex Holst wrote: >=20 > > That should be verified often with scanssh or something similar. I was > > surprised when I read about the compromise, because it gives the impres= sion > > that people are still using passwords (as opposed to keys with passphra= ses) > > for authentication in this day and age. Is that correct? If so, why is = that? >=20 > based on what i've read this morning, it wouldn't have made > all that much of a difference. aparently the compromised > version of ssh recorded passphrases, and keys. >=20 > i don't see how else you could have avoided this problem. use mtree(8) or tripwire /k --=20 > ASCII Ribbon Campaign - NO HTML/RTF in e-mail - NO Word docs in e-mail KR433/KR11-RIPE -- WebMonster Community Founder -- nGENn GmbH Senior Techie http://www.webmonster.de/ -- ftp://ftp.webmonster.de/ -- http://www.ngenn.n= et/ karsten&rohrbach.de -- alpha&ngenn.net -- alpha&scene.org -- catch@spam.de GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE DF22 3340 4F4E 2964 B= F46 --QDIl5R72YNOeCxaP Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7FuTIM0BPTilkv0YRAgv7AJwLW70T/Ct/boGUSFGaniTXhmS24gCglvyc yxcmNtKG+HrgXMqZRLkCVlM= =IvUw -----END PGP SIGNATURE----- --QDIl5R72YNOeCxaP-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010601024144.H85717>