lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <412D38DD.307@sleepdeprived.ca>
From: support at sleepdeprived.ca (David Vincent)
Subject: Automated ssh scanning

Richard Verwayen wrote:

>Hello list!
>
>A few weeks ago there was a discussion about automated ssh scanning with
>user/password combinations like guest/guest or admin/admin.
>I set up a debian woody fully patched with both accounts activated, and
>got rooted some days later...
>
>The attackers installed some software and irc-bots and tried to use this
>host for testing other computers, thats not the point. I would like to
>know where's the weak point in the system? As the system was updates on
>a daily base! The only known weakness were these two accounts!
>  
>
you didn't set up admin/admin as root did you?

just asking.

-d

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ