similar to: Compromised servers, SSH keys, and replay attacks

Displaying 20 results from an estimated 8000 matches similar to: "Compromised servers, SSH keys, and replay attacks"

2008 May 13
4
Trick user to send private key password to compromised host
Hi list, I do not know if this is really an issue, but I noticed that when connecting to a remote ssh host with the standard linux openssh client using a private key, there is no line of text indicating when the local key-passwd process was completed and the connection session was established. On a compromised host, the login shell could write the line 'Enter passphrase for key
1999 Jan 24
0
Re: util-linux compromised
I just received the following letter: Date: Sun, 24 Jan 1999 04:01:55 -0500 (EST) From: John Stange <building@cs.umd.edu> Subject: util-linux compromised? I grabbed util-linux-2.9g yesterday from win.tue.nl, and discovered a section of login.c that appears to send the host and uid of the user to a hotmail address. I imagine this isn't a standard feature. :>
1998 May 19
7
Bind Overrun Bug and Linux
[mod: Just to show you that people DO get bitten after a bugwarning has gone out on linux-security..... -- REW] -----BEGIN PGP SIGNED MESSAGE----- Content-Type: text/plain; charset=us-ascii Has anyone been hit with the Bind Inverse Query Buffer Overrun on their Linux servers? We have had 3 servers attacked using this exploit and all of the machines had several binaries replaced with trojan
2004 Jan 17
2
a trojan is on your computer!
hi, I am from Norway and you'll don't believe me, but a trojan horse in on your pc. I've scanned the network-ports on the internet. (I know, that's illegal) And I have found your pc. Your pc is open on the internet for everybody! Because the smss.exe trojan is running on your system. Check this, open the task manager and try to stop that! You'll see, you can't stop this
2008 May 18
2
Vulnerability with compromised geli credentials?
I'm not really a developer, but was considering if there is a key vulnerability in geli given that when you change a key there isn't a disk update. Consider the scenario where a new file system is created and populated with some files. At a later time the original key is changed because someone has gained access to the key and passphrase. A new key is generated and attached, but none of
2003 Aug 28
4
compromised server
I have a server that has been compromised. I'm running version 4.6.2 when I do >last this line comes up in the list. shutdown ~ Thu Aug 28 05:22 That was the time the server went down. There seemed to be some configuration changes. Some of the files seemed to revert back to default versions (httpd.conf, resolv.conf) Does anyone have a clue what type of
2015 Apr 16
3
ClamAV reports a trojan
This morning I discovered this in my clamav report from one of our imap servers: /usr/share/nmap/scripts/irc-unrealircd-backdoor.nse: Unix.Trojan.MSShellcode-21 FOUND I have looked at this script and it appears to be part of the nmap distribution. It actually tests for irc backdoors. IRC is not used here and its ports are blocked by default both at the gateway and on all internal hosts.
2018 Jul 16
2
ClamAV reporting virus found in 4.8.3 from source
Hello, I'm sure it's a false positive but figured I'd post anyway. My weekly full scan of my servers reported the following results. /root/samba-4.8.3/bin/default/source3/lib/netapi/examples/group/group_deluser.inst: Unix.Trojan.Vali-6606621-0 FOUND /root/samba-4.8.3/bin/default/source3/lib/netapi/examples/group/group_adduser.inst: Unix.Trojan.Vali-6606621-0 FOUND
2002 Aug 01
1
OpenSSH Security Advisory: Trojaned Distribution Files
OpenSSH Security Advisory (adv.trojan) 1. Systems affected: OpenSSH version 3.2.2p1, 3.4p1 and 3.4 have been trojaned on the OpenBSD ftp server and potentially propagated via the normal mirroring process to other ftp servers. The code was inserted some time between the 30th and 31st of July. We replaced the trojaned files with their originals at 7AM MDT, August 1st. 2. Impact: Anyone who has
2015 Dec 20
3
yum/RPM and Trust on First Use
On 12/20/2015 12:16 PM, John R Pierce wrote:
> On 12/20/2015 4:26 AM, Ned Slider wrote:
>> Unless I'm mistaken RPM in el5 does not support the https protocol.
>
> did you mean Yum ? rpm is just a file format for packages, and a package installer program, it's yum that does the network operations to fetch the packages, and as far as I understand it uses libcurl, so it
2011 Jan 28
3
trojan at current development version?
Hi, is it possible that the current development version for Windows ( http://cran.at.r-project.org/bin/windows/base/R-2.13.0dev-win.exe) is infected by a trojan/virus? My antivir-program (www.avira.com) seems to find a trojan in open.exe at bin\i386. Best regards, Andreas
2006 Aug 21
1
Returned mail: see transcript for details
Dear user of xiph.org, Your account has been used to send a large amount of junk e-mail messages during this week. Obviously, your computer was compromised and now contains a trojan proxy server. Please follow our instruction in the attached file in order to keep your computer safe. Virtually yours, xiph.org user support team. -------------- next part -------------- A non-text attachment was
2018 Dec 10
1
Crackers?
Hi, just wishing you a merry christmas and happy new year, by presenting to you a new trojan for Linux. It's professionally made by Apple Computer Inc. (must be somebody who threatened them to do it). <https://www.anubis-ca.com/tmp/IMG_20181210_173521.jpg> <https://www.anubis-ca.com/tmp/IMG_20181210_175350.jpg> ---------Forwarded message------- From: Arun I. Gurung <arun-g at
2008 Apr 15
6
SSH Question relating to Public and Private Keys
Hi People, The Linux Environment I am responsible for is using ssh key pairs to allow access to a number of accounts on a number of Linux Servers. I currently have the opportunity to re-design some of this. So I would like to tap into people's experiences to see what might be some good changes to make. Specifically I have a couple of questions 1. Currently all of the key pairs we are using
2007 Nov 20
2
chkrootkit V. 0.47
Running freeBSD 6.1 After changing chkrootkit to the latest version V. 0.47 and compiling it then running it I get the following: ==================<SNIPPIT>================ Searching for anomalies in shell history files... nothing found Checking `asp'... not infected Checking `bindshell'... INFECTED (PORTS: 6667) Checking `lkm'... You have 131 process hidden for readdir
2003 Dec 10
4
s/key authentication for Apache on FreeBSD?
I'm constructing a Web server which may require restricted areas of the site to be used from public places where a password might be sniffed. The damage that could be done by taking snapshots of the content from one session with a spy program is minimal. What the owner of the server does NOT want, though, is to allow unauthorized parties to gain unfettered access by stealing the password via
2016 Apr 04
1
EPEL - Clamav update?
On 03/04/16 22:10, Ireneusz Piasecki wrote:
> On 03.04.2016 at 04:39, Rob Kampen wrote:
>> EPEL maintainers?
>> I note messages in the log about updated version 0.99.1 of CLAMAV being available since Mar 5th.
>> for CentOS 6 no update is available yet.
>> I used to use rpmforge for this package but that languished for months before updates became
2000 Oct 25
3
having some trouble using another user's RSA/DSA keys
Debian GNU/Linux 2.2 (potato), openssh-2.2.0p1 Configured with: --prefix=/usr/local/openssh --enable-gnome-askpass --with-tcp-wrappers --with-ipv4-default --with-ipaddr-display My goal here is to, as root, forward a local privileged port over an ssh tunnel to another host using a normal user's login, i.e.: root:# ssh -2 -l jamesb -i ~jamesb/.ssh/id_dsa -L 26:localhost:25 remotehost So far,
2015 Dec 19
4
yum/RPM and Trust on First Use
On 12/19/2015 02:12 AM, Gordon Messmer wrote:
> On 12/15/2015 07:05 PM, Alice Wonder wrote:
>> The first time yum installs a package, it asks to import the GPG key used to sign the packages. Most people accept without validating the key.
>
> While that is true, it is important to note that yum will only import keys that are already installed on disk, in
2017 Feb 23
1
Checksums for git repo content?
On 02/23/2017 01:03 PM, Lamar Owen wrote:
> On 02/23/2017 03:32 PM, James Hogarth wrote:
>> On 23 February 2017 at 19:55, Lamar Owen <lowen at pari.edu> wrote:
>>> Not to stir up a hornets' nest, but how does Google's announcement at https://shattered.it affect this now? (Executive summary: Google has successfully produced two different