Another thing to think about:

If ever there were some private pgp keys on a compromised machine, those
pgp keys are to be considered as compromised as well.

It's hard (to say the least) to crack pgp encrypted data, but the private
key is easier (though not trivial) to break. Of course, this depends
a lot on the quality of the pass phrase chosen.

Consider the keys compromised, revoke the public key(s) and recover the
system. Then create new pgp key pair(s).

Just a thought...
Gustav


Brian wrote:
> 
> On Wed, 1 Mar 2000, M. Erickson wrote:
> 
> > On Wed, 1 Mar 2000, Fred Herman wrote:
> >
> > > You have been hacked.  See:
> > >
> > > http://www.cert.org/current/current_activity.html#bind
> > >
> > > You need to disconnect your box.  Unless you're expert, reformat the
> > > hard drive and re-install.  Make sure your patches are up to date.  This
> > > exploit is fixed by updating the bind rpm's.  See:
> > >
> > > http://www.redhat.com/support/errata/rh61-errata-security.html
> >
> > No need to reformat, toss that windows paradigm aside, learn a new way of
> > dealing with things like this! Just update BIND, XFS, and check through
> > all your .history/.bash_history files and find out what else has been
> > done.. just replace those, and you should be back in business.
> 
> Umm that's total BS.  Once a system is compromised, bypassing shell history
> logging is very trivial.  Any library, and any binary on your system may be
> patched, and it doesn't have to show up in any .bash_history
> log.........or any logs for that matter.
> 
> >
> > I suggest you take down inetd in the meantime, however.
> >
> > /me

-- 
pgp = Pretty Good Privacy.

To get my public pgp key, send an e-mail to: [EMAIL PROTECTED]

Visit my web site at http://www.schaffter.com

