Alex,

Not allowing anonymous SSH doesn't mean you need a password for SSH. Actually, certificates are way more secure than passwords.

Just a damned security guy
Jasper Kips,
Always waiting for the ricochet

> On 8 Nov 2013, at 18:47, Alex <[email protected]> wrote:
>
> I don't care about this worm. Having a password on ssh is not user friendly.
> Damn you security guys.
>
>
> On 7 November 2013 07:02:23, Jack Johnson <[email protected]> wrote:
>> It is a user friendly report about a new worm/rootkit (only goes into worm
>> mode when UUCP is active) that is able to, but has not yet, wreaked havoc on
>> any system that it infects.
>>
>> This report does drop dox, since it mentions the handle of an EFNet user.
>> However, all it is is a description of a currently-active rootkit.
>>
>> Xplatform.JPreskit rootkit
>>
>> User friendly report written by Jack Johnson
>> 'j4jackj' on EFNet
>>
>> DESCRIPTION
>> This newest infection is a rootkit spread by weak passwords and duff links.
>> It was made by an EFNetter called JPres. He originally developed it on the
>> BeOS but it is able to strike every operating system that has actual use in
>> the world.
>>
>> THREAT LEVEL
>> This threat is terminal, for once a computer is infected, if you isolate it,
>> the failsafe mode kicks in. The JPresKit failsafe is to nuke the hard disk
>> on which / resides.
>>
>> It is able to infect Windows ia32 and amd64 architectures, Debian and RHEL
>> 32 and 64, and the BeOS, PowerPC and Intel.
>>
>> Threat activation is manual, by an unsuspecting user or by the master
>> using a weak password via SSH and RSH.
>>
>> PAYLOAD DELIVERY
>> Payload delivery once the rootkit is on the computer is by Pastebin.com.
>> Payloads are encrypted and base64 encoded. It is unknown which encryption
>> method from those available in a default (insert form of UNIX here) install
>> is used.
>>
>> The format for payload titles is @tagYYYYMMDDSS where YYYYMMDDSS is a
>> serial number determining the time of execution, and tag is the
>> tag of the rooted machine.
>>
>> BEHAVIOUR
>> On UNIX systems, when UUCP is enabled, this rootkit is also a worm.
>> This rootkit/worm is able to morph by the master issuing commands to the
>> worm.
>>
>> RECOMMENDED ACTION
>> You must back up and reinstall. This rootkit may still be present after a
>> reinstall, if you moved your files to the new installation.
>>
>> PREVENTION
>> In the future, do not allow anonymous SSH into your computer, unless for
>> things like UUCP.
>> This will prevent future reinfection.
>>
>> Thank you for reading this report as a matter of urgency.
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
