On Thu, Aug 10, 2000 at 05:45:09PM -0400, Noel L Yap wrote: > [EMAIL PROTECTED] on 2000.08.10 16:41:35 > >Yes. Because either they are doing something nasty or someone has > >compromised their password. > > > >I do use real unix uids so I can determine which *userid* did the damage, > >providing they don't break root (in which case no authentication system > >can hope to help you, unless you have extensive off-site logging, etc.) > > But the real culprit gets away. This wouldn't happen with SSH. This assumes that you do not have ssh authentication theft (as discussed in a previous message.) I have seen ssh auth theft involved in about 20% of the security violations I've seen in the last 3 years. YMMV, of course. Eivind.
- Re: cvs-nserver and latest CVS advisory Noel L Yap
- Re: cvs-nserver and latest CVS advisory Justin Wells
- Re: cvs-nserver and latest CVS advisory Noel L Yap
- Re: cvs-nserver and latest CVS advisory Eivind Eklund
- Re: cvs-nserver and latest CVS advisory Justin Wells
- Re: cvs-nserver and latest CVS advisory Greg A. Woods
- Re: cvs-nserver and latest CVS advisory Justin Wells
- Re: cvs-nserver and latest CVS advisory Greg A. Woods
- Re: cvs-nserver and latest CVS advisory David Thornley
- Re: cvs-nserver and latest CVS advisory Greg A. Woods
- Re: cvs-nserver and latest CVS adviso... Justin Wells
- Re: cvs-nserver and latest CVS ad... Greg A. Woods
- Re: cvs-nserver and latest CVS advisory Noel L Yap
- Re: cvs-nserver and latest CVS advisory Justin Wells