[CentOS] duqu
Adam Tauno Williams
awilliam at whitemice.orgWed Dec 7 10:48:24 UTC 2011
- Previous message: [CentOS] duqu
- Next message: [CentOS] duqu
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Wed, 2011-11-30 at 13:05 -0500, m.roth at 5-cent.us wrote: > There's an article on slashdot about the Duqu team wiping all their > intermediary c&c servers on 20 Oct. Interestingly, the report says that > they were all (?) not only linux, but CentOS. There's a suggestion of a > zero-day exploit in openssh-4.3, but both the original article, and > Kaspersky labs (who have a *very* interesting post of the story) consider > that highly unlikely, and the evidence points to brute-force attacks > against the root password. *DISABLE* password authentication on public-facing [and preferably all] servers. Isn't that securing a server rule#1? Use shared-key authentication.
- Previous message: [CentOS] duqu
- Next message: [CentOS] duqu
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list