Compromised SSH Keys Lead To Linux Rootkit Attack
Tech Groupie writes "The US Computer Emergency Readiness Team (CERT) has issued a warning for what it calls 'active attacks' against Linux-based computing infrastructures using compromised SSH keys. The attack appears to initially use stolen SSH keys to gain access to a system, and then uses local kernel exploits to gain root access. Once root access has been obtained, a rootkit known as 'phalanx2' is installed."
Stolen login credentials lead to unauthorized access of computer resources!
"Obscenity is the crutch of the inarticulate motherfucker." - cloak42
Change your keys regularly, and revoke the key as soon as you have the slightest doubt it's been compromised.
/me gives Redhat a dirty look.
This new attack relies on an attacker compromising login credentials. Then, the compromised login is used to install a rootkit on the target system.
This may rival the DNS vulnerability.
Palm trees and 8
Dude, that's like building an electronic voting machine and putting anti-virus software on it.
No, wait...
Condoms are only effective at reducing relative risk vs unprotected connections by about 70 to 85% - source. As always, the only safe way is abstinence! Not that anyone around here will listen to that; I bet most /.'ers are in promiscuous mode...
Nick
I have successfully computed an easy and 100% effective plan to stop this attack. I have cleared the cookies, defragmented the memory drive, emptied the recycle bin and set the Internet security zone to 'high'. Last of all, I downloaded the latest Linux kernel and extracted it to C drive.
Now it will not affect me. I advise everyone else to just follow these simple steps and you will be safe too.
Does that make abstinence preconceived murder?
http://www.mhall119.com