After reading the report at
http://lists.debian.org/debian-announce/debian-announce-2003/msg00003.html
and following this newsgroup discussion, I have some very basic questions:

1) What is a "sniffed password", and how do they know the attacker used a
password that was "sniffed", rather than just stolen out of someone's
notebook?

2) Was the break-in done remotely, or by someone with physical access to
the machine or network? I thought that "sniffing" required physical access
to a network over which unencrypted data was being transferred. Are the
remote logins to Debian servers unencrypted?

3) How does an attacker with a user-level password gain root access? I
understand you can call system services that have root access, and provide
bad data in those calls that will cause buffer overflows, maybe even a
machine crash, but how does a buffer overflow allow root access? I know
there is a deep technical explanation for this, but I'm hoping someone can
explain it in simple terms, or maybe point me to a good article or book
chapter.

-- Dave