On Sep 27, 2005, at 11:37 PM, Jurjen Oskam wrote:
> On Tue, Sep 27, 2005 at 11:36:22PM -0500, C. Bensend wrote:
> > 1) Log into system via ssh skey, which is a one-time auth method
> > 2) Type 'sudo farfegnugen blahblah yadda'
> > 3) Log out
>
> You're assuming that the keys you press are transmitted unmodified to
> your server. Since the terminal is not under your control, there's
> no reason why it can't send, e.g., "sudo rm -rf /" all by itself
> after it sees you're logged in.
>
> And this is just one example.
>
> --
> Jurjen Oskam
To take this a step further, the host OS (untrusted Windows box)
could also inject malicious keystrokes into an SSH session. It
wouldn't be as easy an attack, since the injection has to happen
between the keyboard and PuTTY (rather than just injecting into an
unencrypted stream), but it still presents an attack vector.

You can put a live CD together on a business-card-sized CD that will
fit in your wallet. Even if you end up with Knoppix instead of
OpenBSD, at least you know it's clean.