SSH "Vulnerabilities"

      by Wyatt Walter

I had to laugh when I read the comments on ZDNet’s article on how compromised SSH keys are leading to rootkits in Linux systems. Okay, I’ll admit it. I’m a Linux fan and am going to be partial to defending my pet operating system, but let’s all take a minute to think about this. The first part of the attack happens when an attacker is first able to log in to an SSH server with a stolen key. Once the attacker has a shell, they are using vulnerabilities to install rootkits. Sure, that means there are vulnerabilities once a user has a shell, and I’m not about to say that Linux is impenetrable. But let’s consider what’s happening here. The attackers are using a stolen key. The attackers could just as easily use a stolen password. The same would happen if you opened up remote desktop on your Windows server to the world and gave out your password.

Okay, so this was mostly a rant about some comments made, but let’s all take the time and watch what public-facing services are running on our systems. Don’t open up a service on your servers if you don’t plan on logging and auditing the service. All OSes are vulnerable to attacks due to poor implementation, and good grief, be careful with your keys!

I also had to laugh when I went to the CERT article that the ZDNet article was about. Right below it, CERT issued a warning about a vulnerability in PowerPoint that allowed remote code execution with escalated privileges if a user opened a crafted file. Wow, talk about irony! Yes, I know that there are vulnerabilities in software from pretty much every vendor, so don’t flame me, but I loved the irony.

Filed under Tech Trends : Comments (0) : Aug 28th, 2008
