Slashdot Mirror


Compromised SSH Keys Lead To Linux Rootkit Attack

Tech Groupie writes "The US Computer Emergency Readiness Team (CERT) has issued a warning for what it calls 'active attacks' against Linux-based computing infrastructures using compromised SSH keys. The attack appears to initially use stolen SSH keys to gain access to a system, and then uses local kernel exploits to gain root access. Once root access has been obtained, a rootkit known as 'phalanx2' is installed."

2 of 79 comments

  1. How is this news? by Shade of Pyrrhus · Score: 4, Insightful

    The attack appears to initially use stolen SSH keys to gain access to a system

    Ok...so if you get the key to a machine you can get in and abuse an old vulnerability, assuming the machine is unpatched. The rootkit that they discuss is from 2005, so where's the news here? Be careful about your SSH keys and passwords?

    Seriously, if there's more to this I'd like to know. The article hardly has more information than the summary.

    1. Re:How is this news? by Goaway · Score: 4, Insightful

      The news is that this is probably fallout from the Debian OpenSSL fiasco, and that people should take it seriously pretty damn quick and get their keys changed.