Agreed. Except if there was a means of WOL the untruder was aware of. Viele Grüße, Patrick Geschke
Sent from the road. Am 29.05.2012 um 13:08 schrieb Michael Stummvoll <mich...@stummi.org>: > Am Mon, 28 May 2012 15:49:40 +0200 > schrieb Marko Randjelovic <marko.m...@gmail.com>: > >> * I logged in my normal account on desktop PC last time successfuly >> saturday evening and turned off the computer 2 hours after midnight. >> * At Sunday morning I went for a walk. >> At 16 pm I turned on the computer but my password did not work. >> * I checked the logs and found no trace of intrusion, but also no >> entry about password change. >> >> I have Debian 6 desktop and firewall computers. I apply security >> pathes regulary, have active firewall and SELinux. The only problem I >> see could be the custom kernel 3.2 that is not completely patched. >> >> I have logged in several times successfuly with that password, >> including immidiately after power on when there is no possibility of >> alternative keyboard layout and no need to touch caps lock. >> >> For me it is obvious my account was compromised, but don't know if >> root privileges were acquired. >> >> What do you think? >> > > if your computer was turned off in the meanwhile it couldn't get > compromised - except somebody with hardware-access turned it on. I > don't know how possible this is in your case. But if somebody is smart > enough to get hw-access to your computer and boot it with a live-system > he wouldn't be such a fool to betray his compromision by changing a > password. so I think its an software or configuration problem, or > something on layer 8 ;) > > to change a password with user-rights you need the password of this > user, even he is logged in already > > kind regards, > Michael > > > -- > To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org > Archive: http://lists.debian.org/20120529130716.06bd8879@eddie >
