[QCLUG] Virus in Ubuntu

Dave Bergert dbergert@gmail.com
Wed, 14 May 2008 20:50:20 -0500 

---------------------- multipart/alternative attachment
So it gets a little scarrier:

http://metasploit.com/users/hdm/tools/debian-openssl/


"This will generate a new OpenSSH 1024-bit DSA key with the value of  
getpid() always returning the number "1". We now have our first pre- 
generated SSH key. If we continue this process for all PIDs up to  
32,767 and then repeat it for 2048-bit RSA keys, we have covered the  
valid key ranges for x86 systems running the buggy version of the  
OpenSSL library. With this key set, we can compromise any user account  
that has a vulnerable key listed in the authorized_keys file. This key  
set is also useful for decrypting a previously-captured SSH session,  
if the SSH server was using a vulnerable host key.

In the near future, this site will be updated to include a brute force  
tool that can be used quickly gain access to any SSH account that  
allows public key authentication using a vulnerable key.


Fun - now I will have more crap to look at in my /var/log/secure and  
an increase of ssh attacks :)




On May 14, 2008, at 8:40 PM, Dave Bergert wrote:

> Speaking of Linux Security ...
>
> Has anyone see this:
> http://isc.sans.org/diary.html?storyid=4414
> '
> OpenSSH: Predictable PRNG in debian and ubuntu Linux
>
> Any comments or thoughts ?
>
>
>
>
> On May 14, 2008, at 5:43 PM, Arron Lorenz wrote:
>
>> I accedently clicked a link I shouldn't have now I may have a  
>> virus....
>>
>> I took a screen shot: http://www.davenportdrivein.com/images/Screenshot.png
>>
>> What do you guys think I should do?
>>
>> Regards,
>> Arron
>>
>> -- 
>> From:
>> Arron James Lorenz
>> Reel to Reel Drive In
>> http://www.DavenportDriveIn.com
>> 563-579-7046
>
> Dave Bergert
> dbergert@gmail.com
>
>
>

Dave Bergert
dbergert@gmail.com




---------------------- multipart/alternative attachment
An HTML attachment was scrubbed...
URL: http://qclug.org/pipermail/qclug/attachments/73bbd82f/attachment.htm

---------------------- multipart/alternative attachment--