Am Mon, 28 May 2012 15:49:40 +0200 schrieb Marko Randjelovic <marko.m...@gmail.com>:
> * I logged in my normal account on desktop PC last time successfuly > saturday evening and turned off the computer 2 hours after midnight. > * At Sunday morning I went for a walk. > At 16 pm I turned on the computer but my password did not work. > * I checked the logs and found no trace of intrusion, but also no > entry about password change. > > I have Debian 6 desktop and firewall computers. I apply security > pathes regulary, have active firewall and SELinux. The only problem I > see could be the custom kernel 3.2 that is not completely patched. > > I have logged in several times successfuly with that password, > including immidiately after power on when there is no possibility of > alternative keyboard layout and no need to touch caps lock. > > For me it is obvious my account was compromised, but don't know if > root privileges were acquired. > > What do you think? > if your computer was turned off in the meanwhile it couldn't get compromised - except somebody with hardware-access turned it on. I don't know how possible this is in your case. But if somebody is smart enough to get hw-access to your computer and boot it with a live-system he wouldn't be such a fool to betray his compromision by changing a password. so I think its an software or configuration problem, or something on layer 8 ;) to change a password with user-rights you need the password of this user, even he is logged in already kind regards, Michael -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120529130716.06bd8879@eddie
