On Wed, 03 Dec 2003 at 23:05 GMT, Monique Y. Herman penned: > > I have been wondering about the password-sniffing thing, too. If you > send a password using ssh, isn't it encrypted? > > I suppose some debian developer's kid sister could have installed a > keystroke logger on the dev machine ... um ... > > The "sniffing" part of this exploit has been left unexplained thus > far. Maybe that's because the mechanism is obvious to the initiated > ... but it's not obvious to me. >
After reading a few more responses, I realize that of course a debian developer's machine could get compromised. I guess I just thought they were infallible *grin* Now, the real question is, what exploit was used to get onto that dev's machine in the first place? -- monique -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
