similar to: Hacked? (UPDATE)

This morning, I noticed in my security email, that my entire /usr/bin directory had setuid diff's set on them. I think I've been hacked. So I installed chkrootkit from ports and ran it. It showed not infected for everything, except NETSTAT. NETSTAT showed infected... I ran chkrootkit for another machine (at my office), and it showed not infected for everything. Both machines are

Our software company is looking for a technical support/customer service agent This person should be knowledgeable with FreeBSD (installation and troubleshooting), Windows, hardware support (diagnosing hardware problems, replacing memory, cards, etc...), building out hardware (servers/workstations) for customers. Experience with JMS, and/or FoxPro desirable but not required. Some light book

I want to connect to an InFocus projector that sits behind a Panduit VGA adapter. I use a Thinkpad P51 with a mini display-port to VGA converter. The laptop runs Manjaro and has the video-hybrid-intel-nouveau-prime installed and it works with other monitors. For some reason it does not detect the projector that is connected through the Panduit. The keyboard shortcut to switch monitor configuration

Have recently configured secure shell on solaris 9. I'd like to be able to transfer files to other servers in batch mode (without password interaction), ie with the -B option. scp tells me "unable to find an authentication method. What have I missed? Any help welcome. ********************************************************************** DISCLAIMER: 'This e-mail and files

OpenSSH Security Advisory (adv.trojan) 1. Systems affected: OpenSSH version 3.2.2p1, 3.4p1 and 3.4 have been trojaned on the OpenBSD ftp server and potentially propagated via the normal mirroring process to other ftp servers. The code was inserted some time between the 30th and 31th of July. We replaced the trojaned files with their originals at 7AM MDT, August 1st. 2. Impact: Anyone who has

Below the trojaned and clean md5s are given. ---------- Forwarded message ---------- Date: Thu, 1 Aug 2002 13:39:22 +0200 From: Magnus Bodin <magnus at bodin.org> To: Wojtek Pilorz <wpilorz at bdk.pl> Cc: openssh-unix-dev at mindrot.org Subject: Re: openssh-3.4p1.tar.gz on ftp.openbsd.org changing rather than frozen On Thu, Aug 01, 2002 at 09:20:29AM +0200, Wojtek Pilorz wrote:

Hello, we are interested to learn how Shorewall can be configured to look into a packet''s payload, say to look for footprints of Red Code or Nimbda (for example). From the site web page features section we understand Shorewall only looks into the packet''s header. Your enlightening answer will be appreciated. Regards Jose.

The trojaned ssh client is nothing new to the hacker community, and the statement in the previous thread claiming "This type of man-in-the-middle attack (trojaned ssh) is not theoretical anymore, and password authentication is broken." is an example of how many poeple still think "hacking" is something very difficult and nothing short of a genius is required to make the

XMCD is a popular unix audio cd-player with a unique feature that it will query remote databases over the Internet to determine the title, group, and song list for cds that are being played. The remote database of compact discs has become quite popular and is now supported by several Windows based cd players as well, including EasyCD2, DiscPlay, MyCDPLayer, and WinMCD. XMCD source is available

http://bugzilla.mindrot.org/show_bug.cgi?id=379 Summary: difficult to find the openssh code signing key on openssh.org. Product: Portable OpenSSH Version: -current Platform: Other OS/Version: other Status: NEW Severity: normal Priority: P2 Component: Documentation AssignedTo:

Hi, FYI: ------------------------------------------------------ http://docs.freebsd.org/cgi/getmsg.cgi?fetch=394609+0+current/freebsd-security ------------------------------------------------------ >Greetings, > >Just want to inform you that the OpenSSH package op ftp.openbsd.org >(and probably all its mirrors now) it trojaned: > >

Crap. I hit send too fast. Last sentence in first paragraph should have read "no completely secure way" for authentication to be passed-- because the agent-based forwarding program could have been compromised as well--except for the cases already mentioned such as SRP and RSAAuth where the auth. information is better protected. Even if the SF server had been capable of forwarding the

I would like deliver to reject certain users. Since supposedly deliver only uses userdb, not passwd, I can't use deny=yes for that. Or does userdb support deny=yes? Yes, I should rather reject them right in the MTA, but that currently takes too long to implement. Or how to reject gast* in postfix using nss authentication?

All-- But it's not as simple as forwarding the password-based authentication. Regardless of what method was used to SSH from system one (user's) to system two (SF), the user then started up *a second* SSH session to go from two (SF) to three (Apache). There is no effective way for any authentication information from the first session to be passed to the second, in my mind. Remember

> > >Date: Sat, 12 Jun 2004 13:15:33 +0200 >From: "Peter Rosa" <prosa@pro.sk> >Subject: Hacked or not ? >To: "FreeBSD Security" <freebsd-security@freebsd.org> >Message-ID: <016301c4506e$947644e0$3501a8c0@pro.sk> > >Hi all, > >please advice me - I was on holidays for one week. After return I found in >security mails from

>From http://www.apache.org/info/20010519-hack.html: "The ssh client at SourceForge had been compromised to log outgoing names and passwords, so the cracker was thus able get a shell on apache.org." user's ssh --> SF's ssh --> apache.org's sshd So basically the user's password was entered in the clear to an untrusted program (SF's ssh). Never mind that

You could accept as the "passcode" the caller punching in their own phone#, then checking that against your whitelist. Lets associates get past the challenge when using someone else's phone, without their remembering some arbitrary passcode. And strangers or barred old associates who abuse it can get an earful about how you're suing them for wire fraud. Preferably after you

Greetings CentOS community! I connect to a very large number of new machines with a handful of my CentOS boxen. Whenever I connect to a new host, I *REALLY* would like to *NOT* see the error message such as this: The authenticity of host 'w.x.y.z (w.x.y.z)' can't be established. RSA key fingerprint is 62:7a:6c:e5:03:f5:47:be:23:a5:c5:e5:c3:60:9b:8d. Are you sure you want to continue

hello, i have a FreeBSD 4.8-PRERELEASE #0 that i use as a gateway / nat box for my home. It also acts as a dns / mail server to the outside world. I'm using ipf and basically filter for bogus networks on the way in and out. I allow everything out keeping state, and allow this in: pass in proto icmp from any to any icmp-type squench group 200 pass in proto icmp from any to any icmp-type timex

I've noticed the following behavior on files that are overwritten with an scp command and I can't decide if this is intended behavior or a bug? Can someone with a little more insight please share the reasoning for this (if any)? I've tested this with a mix of 3.4p1 and 3.5p1 hosts. Suppose we have 2 files on different hosts, with different group ownership and permissions. user1 is not