----- Original Message ----- From: "csj" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, December 03, 2003 22:40 Subject: Re: Debian Investigation Report after Server Compromises
> On 3. December 2003 at 5:52PM -0800, > Vineet Kumar <[EMAIL PROTECTED]> wrote: > > > * Monique Y. Herman ([EMAIL PROTECTED]) [031203 16:59]: > > > I have been wondering about the password-sniffing thing, too. > > > If you send a password using ssh, isn't it encrypted? > > > > > > I suppose some debian developer's kid sister could have > > > installed a keystroke logger on the dev machine ... um ... > > > > Almost there -- minus the assumption that one needs physical > > access to a machine to install a keystroke logger. At the risk > > of perpetuating the telephone game, I recall reading that the > > developer's machine had been rooted. I didn't hear how, but I > > don't really see how it matters. I picture an always-on > > machine in someone's home on a DSL or cable line. > > Now I'm curious: is it possible to get rooted while on dialup? > I'm thinking of a user with access to a slow but dirt cheap > dialup connection and so is online for significant stretches, > say, eight hours. This also assumes that no trojans or similar > have been installed on the user's system. > FYI. As one who has caught several virisus. It can happen on dialup and it has always happened to me while downloading virisus definitions from Norton.com. I dont believe that norton was infectied. Therefore it came from somewhere else. Hoyt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
