On Wed, Dec 03, 2003 at 12:34:23PM -0800, Ben Barrett wrote:

> It came to my attention, after reviewing the Debian report, that there are
> many mail systems out there, which use userland accounts for POP mail (not
> secure, but plaintext) that also have SSH logins enabled. I was guessing
> that this might've been how they got in with a "sniffed password".
In fact, efn is one such place. efn does not currently offer any sort of encrypted email access, and I'm sure there are at least three points between me and imap.efn.org where my password can be sniffed by anyone desiring access to efn servers. I get by only by using a passwd for efn that I use nowhere else.

I actually tried to fix this at one point on the BSD/OS box which was serving up imap at the time, but for some reason stunnel just didn't work on that machine. Never did isolate a cause.

The only option available in these cases is to ensure that mail is pulled only from unprivileged accounts. However, privilege-elevating exploits exist for most OSes in some fashion or another, so that's no magic bullet either. The only real solution is to encrypt what you can, firewall like mad, and be religious about security patches (in all senses of the word, I suppose..) ;)

> I don't know how they could get a keyboard sniffer on a developer's machine
> without first compromising that machine, in a similar fashion; so I'm
> assuming that something like a shared [plaintext] password was
> packet-sniffed initially... which still begs the question of where the
> packets were sniffed. Was an ISP compromised or some insider helping out?
> Maybe a developer was working via wifi, without considering the
> implications?

The details of how arronl's box was compromised are not being discussed openly. It was indeed vulnerable to attack, but a different attack.

_______________________________________________
EuG-LUG mailing list
[EMAIL PROTECTED]
http://mailman.efn.org/cgi-bin/listinfo/eug-lug
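The risk both posters describe is an account whose password crosses the wire in cleartext for POP or IMAP and is also accepted for SSH, so a sniffed mail password is a shell password. Below is an added audit script that is not part of this thread and not efn's tooling: it cross-references passwd-style entries (accounts with an interactive shell) against mail-login log lines that record whether TLS was used, and reports the overlap. The log line format, the account list and the log lines are all constructed for illustration; real POP/IMAP servers log in their own formats, so the regular expression would need adapting.

```python
"""Audit: which mail accounts authenticate without TLS AND hold an
interactive shell, i.e. a sniffed POP/IMAP password is also an SSH password?

All input below is constructed for illustration; the log line format is
hypothetical, not that of any particular POP/IMAP server.
"""
import re

# Constructed /etc/passwd-style entries (name:x:uid:gid:gecos:home:shell).
PASSWD = """\
root:x:0:0:root:/root:/bin/sh
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/sbin/nologin
carol:x:1003:1003:Carol:/home/carol:/bin/zsh
dave:x:1004:1004:Dave:/home/dave:/bin/false
"""

# Constructed mail-login log lines in a hypothetical format:
# <time> <proto> login user=<name> tls=<yes|no> rip=<addr>
MAIL_LOG = """\
Dec 03 12:01:02 pop3 login user=alice tls=no rip=10.0.0.5
Dec 03 12:02:11 imap login user=bob tls=no rip=10.0.0.6
Dec 03 12:03:45 imap login user=carol tls=yes rip=10.0.0.7
Dec 03 12:04:09 pop3 login user=dave tls=no rip=10.0.0.8
Dec 03 12:05:30 imap login user=carol tls=no rip=192.0.2.9
"""

# Shells that deny interactive login; anything else is treated as SSH-capable.
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false", "/usr/bin/false"}

LOG_RE = re.compile(r"(?P<proto>pop3|imap) login user=(?P<user>\S+) tls=(?P<tls>yes|no)")


def shell_accounts(passwd_text):
    """Return the set of account names whose login shell is interactive."""
    accounts = set()
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7:
            continue  # malformed entry; skip rather than guess
        name, shell = fields[0], fields[6]
        if shell not in NOLOGIN_SHELLS:
            accounts.add(name)
    return accounts


def cleartext_logins(log_text):
    """Map user -> set of protocols over which they authenticated without TLS."""
    exposed = {}
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m and m.group("tls") == "no":
            exposed.setdefault(m.group("user"), set()).add(m.group("proto"))
    return exposed


def audit(passwd_text, log_text):
    """Accounts whose mail password is sent in cleartext and which also have an
    interactive shell. A sniffed mail password for these is a shell password too."""
    shells = shell_accounts(passwd_text)
    exposed = cleartext_logins(log_text)
    return {user: sorted(protos) for user, protos in exposed.items() if user in shells}


if __name__ == "__main__":
    for user, protos in sorted(audit(PASSWD, MAIL_LOG).items()):
        print(f"{user}: cleartext {', '.join(protos)} login and an interactive shell")
```

On the constructed input, bob and dave drop out because their shells deny login, and carol is still reported because one of her IMAP sessions was cleartext even though another used TLS: a single unencrypted login exposes the password regardless of how the other sessions were made.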