[dundee] phalanx2 rootkit installed via stolen SSH keys

gordon dunlop astrozubenel at googlemail.com
Thu Aug 28 09:59:30 UTC 2008


2008/8/28 Lee Hughes <toxicnaan at yahoo.co.uk>:
> Interesting, but I can't seem to find any details about the ssh
> vulnerability,
>
> they're not talking about just stealing the keys, are they?
>
As I understand it, this is not about an SSH vulnerability but about
stealing a private SSH key. When a private/public SSH key pair is
generated, it asks you for a passphrase or password for security
protection, but it can be left blank if desired. It looks like they have
got their hands on private SSH keys that have no passphrases or passwords
(how they managed that I don't know) and the public key is on a particular
server and they have managed to gain access to that server. If I get
any more information about this later I will post it.

Gordon

> >
> Cheers,
> Lee
>
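
An added example, not part of the original message or of any tool named in the thread: a small Python audit that reports whether a private key file was saved with a blank passphrase. It goes beyond the legacy PEM keys of 2008 and also reads the newer OpenSSH key container; the function names and the sample keys are constructed for illustration and contain no real key material.

```python
import base64, struct, sys

MAGIC = b"openssh-key-v1\0"

def _openssh_cipher(body_b64):
    """Return the cipher name from an openssh-key-v1 blob ('none' = no passphrase)."""
    blob = base64.b64decode(body_b64)
    off = len(MAGIC)
    if not blob.startswith(MAGIC) or len(blob) < off + 4:
        raise ValueError("not an openssh-key-v1 blob")
    (n,) = struct.unpack(">I", blob[off:off + 4])
    return blob[off + 4:off + 4 + n].decode("ascii")

def key_protection(text):
    """Classify key file text as 'encrypted', 'unencrypted' or 'not-a-key'."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if not lines or not (lines[0].startswith("-----BEGIN ")
                         and lines[0].endswith("PRIVATE KEY-----")):
        return "not-a-key"
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # PKCS#8
        return "encrypted"
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        body = "".join(l for l in lines[1:] if not l.startswith("-----"))
        try:
            return "unencrypted" if _openssh_cipher(body) == "none" else "encrypted"
        except ValueError:
            return "not-a-key"
    # Legacy PEM (RSA/DSA/EC): a passphrase shows up as a Proc-Type header.
    if any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines[1:3]):
        return "encrypted"
    return "unencrypted"

def sample_openssh(cipher):
    """Constructed sample: header fields only, no real key material."""
    s = lambda b: struct.pack(">I", len(b)) + b
    kdf = b"none" if cipher == b"none" else b"bcrypt"
    blob = MAGIC + s(cipher) + s(kdf) + s(b"")
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n"
            + base64.b64encode(blob).decode() + "\n-----END OPENSSH PRIVATE KEY-----\n")

# Constructed legacy-PEM samples (the body is placeholder base64, not a key).
LEGACY_PLAIN = "-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n"
LEGACY_ENC = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
              "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\n"
              "Q09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    for path in sys.argv[1:]:  # e.g. ~/.ssh/id_rsa
        with open(path, errors="replace") as fh:
            print(path, key_protection(fh.read()))
```

Run it with one or more private key paths as arguments; any file reported as "unencrypted" is usable by whoever copies it, which is the situation described in the message above.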


