the SSH worm thing

Alan Cox alan at redhat.com
Wed May 11 17:34:00 UTC 2005


On Wed, May 11, 2005 at 10:04:12AM -0700, Florin Andrei wrote:
> http://www.schneier.com/blog/archives/2005/05/the_potential_f.html
> 
> I can't test it right now, but I wonder - what's the default setting on
> FC4, hash the hosts or not?

I'm not convinced it helps very much. I'll just read every .history file on
your machine and hash the hostnames I find in that against the database. I'd
also try cvs-based attacks by using the keys that work and appear to be for
cvs stuff to automate pushing updated autoconf scripts into every cvs I can
'fix'.

There are just far too many other ways to identify an ssh host entry/key and
to then use that the same way the analysed user has.

Alan
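
Added example, not part of the original message: a defender-side check of how much a hashed known_hosts file hides once hostnames are available from another source on the same machine, such as shell history. It assumes the OpenSSH hashed-entry layout `|1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=hostname))`; the function names, hostnames, salts and key blobs are constructed for illustration.

```python
import base64
import hashlib
import hmac

def hash_host(name, salt):
    """Build a hashed host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=name))."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def recoverable_entries(known_hosts_lines, candidate_names):
    """Return {line_number: hostname} for hashed entries that a candidate name matches."""
    found = {}
    for lineno, line in enumerate(known_hosts_lines, 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@") and len(fields) > 1:  # @cert-authority / @revoked marker
            fields = fields[1:]
        parts = fields[0].split("|")
        if len(parts) != 4 or parts[0] != "" or parts[1] != "1":
            continue  # plaintext entry, nothing is hidden in the first place
        try:
            salt = base64.b64decode(parts[2])
            want = base64.b64decode(parts[3])
        except ValueError:
            continue  # malformed base64, skip the line
        for name in candidate_names:
            got = hmac.new(salt, name.encode(), hashlib.sha1).digest()
            if hmac.compare_digest(got, want):
                found[lineno] = name
                break
    return found

# Constructed sample data: hostnames, salts and key blobs are made up.
SALT_A = bytes(range(20))
SALT_B = bytes(range(20, 40))
SAMPLE_KNOWN_HOSTS = [
    "# constructed sample file",
    hash_host("cvs.example.org", SALT_A) + " ssh-rsa AAAAB3constructedkey1",
    hash_host("[build.example.org]:2222", SALT_B) + " ssh-rsa AAAAB3constructedkey2",
    hash_host("vault.example.net", SALT_A) + " ssh-rsa AAAAB3constructedkey3",
    "plain.example.org ssh-rsa AAAAB3constructedkey4",
]
# Constructed list of names that also appear in the account's shell history.
CANDIDATES = ["cvs.example.org", "[build.example.org]:2222", "www.example.org"]

if __name__ == "__main__":
    for lineno, name in sorted(recoverable_entries(SAMPLE_KNOWN_HOSTS, CANDIDATES).items()):
        print("line %d is recoverable as %s" % (lineno, name))
```

Only the entry whose hostname appears nowhere else on the machine stays opaque; every name that also shows up in history or similar files is recovered with one HMAC per candidate.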