Before I blocked all of China, I saw something very similar on an ssh
honeypot I run.

Every few hours or so, I'd get the following:

http://sprunge.us/OGfE

Seemed totally automated.

J. Stuart McMurray


On Fri, Aug 15, 2014 at 1:51 PM, Josh Grosse <j...@jggimi.homeip.net> wrote:

> On 2014-08-15 12:38, Mihai Popescu wrote:
>
>> On June 29, there was a 5.5-stable update to www/owncloud to release
>>> 6.0.4 to fix a security issue.
>>>
>>
>> The developers annoucement, from the webpage for this thingie ( i
>> don't know what the hell this software is doing):
>> --------------
>>
>> Yeah, you were screwed!
>>
>
> There are a number of security issues that have been fixed in that release
> -- if
> I read their web page correctly -- including one which that project
> perceives to be a
> high-risk issue:
>
> https://owncloud.org/security/advisory/?id=oc-sa-2014-018
>
> There's also a big one, that earlier this month that project decided
> *not to fix*.  I don't know anything about OwnCloud either, but this sort
> of issue is
> one that should probably be addressed.
>
> https://senderek.ie/archive/2014/owncloud_unencrypted_
> private_key_exposure.php
>
> "An attacker, who is able to read the PHP session files by exploiting
> another
> web application that is running on the ownCloud server, will be able to
> gather
> the unencrypted private key of every ownCloud user. All encrypted files
> that
> are stored in a user's home directory can be decrypted with this RSA
> private
> key, stored in the PHP session files in plain text. If the user's encrypted
> files are synced to other devices or shared with other servers - for
> hosting
> or backup - an attacker will be able to decrypt all user data that is being
> intercepted, even if the attacker has no longer access to the server's file
> system."

Reply via email to