Re: Opinion on this, password changed, nothing suspicious in logs
On Mon, 28 May 2012 15:49:40 +0200, Marko Randjelovic marko.m...@gmail.com wrote:

> * I logged in to my normal account on desktop PC last time successfully
>   Saturday evening and turned off the computer 2 hours after midnight.
> * On Sunday morning I went for a walk. At 16 pm I turned on the computer
>   but my password did not work.
> * I checked the logs and found no trace of intrusion, but also no entry
>   about password change.
>
> I have Debian 6 desktop and firewall computers. I apply security patches
> regularly, have active firewall and SELinux. The only problem I see could
> be the custom kernel 3.2 that is not completely patched.
>
> I have logged in several times successfully with that password, including
> immediately after power on when there is no possibility of alternative
> keyboard layout and no need to touch caps lock.
>
> For me it is obvious my account was compromised, but don't know if root
> privileges were acquired. What do you think?

If your computer was turned off in the meanwhile it couldn't get compromised - except somebody with hardware access turned it on. I don't know how possible this is in your case. But if somebody is smart enough to get hardware access to your computer and boot it with a live system, he wouldn't be such a fool as to betray his compromise by changing a password.

So I think it's a software or configuration problem, or something on layer 8 ;)

To change a password with user rights you need the password of this user, even if he is logged in already.

kind regards,
Michael

--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120529130716.06bd8879@eddie

Re: Opinion on this, password changed, nothing suspicious in logs
Agreed. Except if there was a means of WOL the intruder was aware of.

Best regards,
Patrick Geschke
Sent from the road.

On 29.05.2012 at 13:08, Michael Stummvoll mich...@stummi.org wrote:

> On Mon, 28 May 2012 15:49:40 +0200, Marko Randjelovic marko.m...@gmail.com wrote:
>
> > * I logged in to my normal account on desktop PC last time successfully
> >   Saturday evening and turned off the computer 2 hours after midnight.
> > * On Sunday morning I went for a walk. At 16 pm I turned on the computer
> >   but my password did not work.
> > * I checked the logs and found no trace of intrusion, but also no entry
> >   about password change.
> >
> > I have Debian 6 desktop and firewall computers. I apply security patches
> > regularly, have active firewall and SELinux. The only problem I see could
> > be the custom kernel 3.2 that is not completely patched.
> >
> > I have logged in several times successfully with that password, including
> > immediately after power on when there is no possibility of alternative
> > keyboard layout and no need to touch caps lock.
> >
> > For me it is obvious my account was compromised, but don't know if root
> > privileges were acquired. What do you think?
>
> If your computer was turned off in the meanwhile it couldn't get
> compromised - except somebody with hardware access turned it on. I don't
> know how possible this is in your case. But if somebody is smart enough to
> get hardware access to your computer and boot it with a live system, he
> wouldn't be such a fool as to betray his compromise by changing a password.
>
> So I think it's a software or configuration problem, or something on
> layer 8 ;)
>
> To change a password with user rights you need the password of this user,
> even if he is logged in already.
>
> kind regards,
> Michael

Re: Opinion on this, password changed, nothing suspicious in logs
On Mon, 28 May 2012, Marko Randjelovic wrote:

> At 16 pm I turned on the computer but my password did not work.
> * I checked the logs and found no trace of intrusion, but also no entry
>   about password change.
> For me it is obvious my account was compromised, but don't know if root
> privileges were acquired. What do you think?

Without any evidence of intrusion, I wouldn't be surprised if you got a flaky key on your keyboard.

Are you sure you don't have a faulty 1 or something like that?

--
Povl Ole

Archive: http://lists.debian.org/alpine.deb.2.00.1205291339560.9...@noget.stderr.dk.localdomain

Re: Opinion on this, password changed, nothing suspicious in logs
On May 29, 2012 7:08 AM, Povl Ole Haarlev Olsen debian-secur...@stderr.dk wrote:

> Without any evidence of intrusion, I wouldn't be surprised if you got a
> flaky key on your keyboard.
>
> Are you sure you don't have a faulty 1 or something like that?

This one has gotten me before. What can make it worse is if it's almost like mine, where it turns out it's not the keys directly but the receiver playing games. Transmitting correctly one second and not the next.

Opinion on this, password changed, nothing suspicious in logs
* I logged in to my normal account on desktop PC last time successfully Saturday evening and turned off the computer 2 hours after midnight.
* On Sunday morning I went for a walk. At 16 pm I turned on the computer but my password did not work.
* I checked the logs and found no trace of intrusion, but also no entry about password change.

I have Debian 6 desktop and firewall computers. I apply security patches regularly, have active firewall and SELinux. The only problem I see could be the custom kernel 3.2 that is not completely patched.

I have logged in several times successfully with that password, including immediately after power on when there is no possibility of alternative keyboard layout and no need to touch caps lock.

For me it is obvious my account was compromised, but don't know if root privileges were acquired. What do you think?

--
Marko Ranđelović, B.Sc.
Software Developer
Niš, Serbia
marko...@eunet.rs
marko.m...@gmail.com
GnuPG Key: 11FF 0703 1C7A 8FB1 48C0 B63E 4D1C 0D3F 7281 F4B7

Archive: http://lists.debian.org/4fc38274.4030...@gmail.com

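
The thread turns on whether the password was really changed or only failed to type. One way to test that is to compare the last-change field of the account's `/etc/shadow` entry with any `passwd` record in `auth.log`. The sketch below is an added example, not part of any poster's message; the user name, hashes, host name and log line are constructed, and the date of the last good login is taken as 2012-05-26.

```python
import re
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)
# auth.log line written by pam_unix when passwd(1) changes a password
CHAUTHTOK = re.compile(r"pam_unix\(passwd:chauthtok\): password changed for (\S+)")

def shadow_last_change(shadow_line):
    """Return (user, date of last change) from one /etc/shadow entry.

    Field 3 counts days since 1970-01-01; empty or 0 carries no usable date.
    """
    fields = shadow_line.strip().split(":")
    if len(fields) < 3:
        raise ValueError("not a shadow entry: %r" % shadow_line)
    user, lastchg = fields[0], fields[2]
    if lastchg in ("", "0"):
        return user, None
    return user, EPOCH + timedelta(days=int(lastchg))

def logged_changes(auth_log_lines, user):
    """auth.log lines recording a passwd-driven change for this user."""
    hits = []
    for line in auth_log_lines:
        m = CHAUTHTOK.search(line)
        if m and m.group(1) == user:
            hits.append(line)
    return hits

def assess(shadow_line, auth_log_lines, last_good_login):
    """Classify the entry against the date of the last login that worked.

    The field has day granularity, so a change on the login day itself
    is reported as "on/after".
    """
    user, changed = shadow_last_change(shadow_line)
    if changed is None:
        return "no last-change date recorded"
    if changed < last_good_login:
        return "hash not changed since last good login"
    if logged_changes(auth_log_lines, user):
        return "changed, with a passwd entry in auth.log"
    return "changed on/after last good login, no passwd entry in auth.log"

# Constructed sample data (not from the thread): placeholder hashes, user "marko".
UNCHANGED = "marko:$6$salt$placeholder:15300:0:99999:7:::"
CHANGED = "marko:$6$salt$placeholder:15487:0:99999:7:::"   # 15487 = 2012-05-27
AUTH_LOG = ["May 27 10:02:11 desk passwd[2311]: "
            "pam_unix(passwd:chauthtok): password changed for marko"]

if __name__ == "__main__":
    for entry, log in ((UNCHANGED, []), (CHANGED, []), (CHANGED, AUTH_LOG)):
        print(assess(entry, log, date(2012, 5, 26)))
```

`/etc/shadow` is readable only by root, so with a locked-out account the entry has to be read from a root login or a rescue boot. An unchanged date points toward the keyboard and layout explanations given in the replies.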