On Tue, 02 Dec 2003, Tom wrote: > Yes but the attacker did not "steal" the DD's computer. He rooted it > remotely.
So the machine is rooted remotely, the DD logs into a debian box even using our new fangled smart cards, and the attacker still can control the connection. In this particular intrusion vector, the use of a smart card merely means that the attacker has to trojan the ssh binary on the compromised machine and use it to run a command that opens a shell under the DD's uid on a non-privledged port, thus circumventing the smart card in its entirety. If you log into a machine from a compromised machine using any means I can forsee today, the attacker can always control the account of the machine logged into, because the attacker effectively become the user of the machine. Don Armstrong -- Tell me something interesting about yourself. Lie if you have to. -- hugh macleod http://www.gapingvoid.com/archives/batch20.php http://www.donarmstrong.com http://www.anylevel.com http://rzlab.ucr.edu
signature.asc
Description: Digital signature
