On 5/2/06, jared r r spiegel <[EMAIL PROTECTED]> wrote:
i am not asserting that the compromise-pack did not have a precompiled sshd binary for openbsd ( the prior hop up the compromise chain in this case was a debian linux ), but if it didn't, it may not have rooted machine B.
This is a classic case of treating the symptoms rather than curing the disease. The trusted [sic] user accepted an unknown hostkey, was only using password-based authentication, and was using the same usernames/passwords across systems. These things were compromise opportunities waiting to happen -- compiler existence is irrelevant.