On Wed, Dec 03, 2003 at 12:20:59AM -0800, Don Armstrong wrote:
> On Tue, 02 Dec 2003, Tom wrote:
> > Yes but the attacker did not "steal" the DD's computer. He rooted it
> > remotely.
>
> So the machine is rooted remotely, the DD logs into a debian box even
> using our newfangled smart cards, and the attacker still can control
> the connection.

Not while the smart card isn't inserted.

> In this particular intrusion vector, the use of a smart card merely
> means that the attacker has to trojan the ssh binary on the
> compromised machine and use it to run a command that opens a shell
> under the DD's uid on a non-privileged port, thus circumventing the
> smart card in its entirety.

I don't understand this objection, but it seems valid. Could you explain?

> If you log into a machine from a compromised machine using any means I
> can foresee today, the attacker can always control the account of the
> machine logged into, because the attacker effectively becomes the user
> of the machine.

Yes, I always warned my employer that all I have to do is own your
machine before you plug in your smart card, leave a logic bomb to do
something while you're connected, wait for you to hang up and then
report back.

But it's all layers, layers, layers. More layers = better, none is a
panacea. Have you ever used smartcards? I think that the more layers
the better.