[Unix-l] Multiple UNIX compromises at Stanford
Eric Myers
myers at noether.vassar.edu
Wed Apr 7 13:05:40 EDT 2004
It seems Stanford has had a rash of break-ins on Linux and Solaris
machines, and they claim they are not the only sites experiencing this.
They think that passwords are being sniffed to get into user
accounts. Once in, the cracker uses some known exploits to elevate
privileges. One way they do this is via a vulnerability in rsync.
The other is a kernel bug in the mremap() function.
http://securecomputing.stanford.edu/alerts/multiple-unix-6apr2004.html
Unless ssh has been cracked then you should be able to keep passwords
from being sniffed by only connecting with ssh, or for webmail via
https (as is now the case at Vassar). Don't use the same password for
Blackboard, since it is still not using https. And as always keep up
to date on the latest patches and latest kernel.
-Eric Myers