On Wed, 2011-11-30 at 13:05 -0500, m.roth@5-cent.us wrote:
There's an article on Slashdot about the Duqu team wiping all their intermediary C&C servers on 20 Oct. Interestingly, the report says that they were all (?) not only Linux, but CentOS. There's a suggestion of a zero-day exploit in openssh-4.3, but both the original article and Kaspersky Labs (who have a *very* interesting post on the story) consider that highly unlikely, and the evidence points to brute-force attacks against the root password.
*DISABLE* password authentication on public-facing [and preferably all] servers. Isn't that securing a server rule #1?
Use shared-key authentication.
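As an added illustration of the advice above (example code written for this note, not something posted in the thread), here is a small POSIX shell audit that reads an sshd_config and reports whether password logins are actually off. It follows sshd's own rules for the file: the first uncommented occurrence of a keyword wins, a keyword that never appears takes the compiled-in default (PasswordAuthentication and ChallengeResponseAuthentication default to yes, and PermitRootLogin defaulted to yes before OpenSSH 7.0), and anything after a Match line is block-scoped and ignored here. The two sample configs are constructed for the example; the file names and the function names ssh_effective and ssh_audit are this example's own.

```shell
#!/bin/sh
# Added example, not from the original mailing-list thread.
# Audits an sshd_config for the settings the reply asks for: no password
# authentication (including the PAM keyboard-interactive path) and no root
# login by password. Only the global section (before any Match block) is read.

# ssh_effective KEYWORD FILE
# Print the effective value of KEYWORD, lower-cased, or nothing if unset.
# First uncommented occurrence wins, as in sshd(8); "Keyword=value" is accepted.
ssh_effective() {
    awk -v key="$1" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        { line = $0; gsub(/=/, " ", line); n = split(line, f) }
        n >= 1 && tolower(f[1]) == "match" { exit }     # rest is block-scoped
        n >= 2 && tolower(f[1]) == tolower(key) { print tolower(f[2]); exit }
    ' "$2"
}

# ssh_audit FILE
# Return 0 if the config is hardened, 1 otherwise; print each failed check.
ssh_audit() {
    _cfg="$1"
    rc=0

    pw="$(ssh_effective PasswordAuthentication "$_cfg")"
    : "${pw:=yes}"                       # OpenSSH default when unset
    if [ "$pw" != no ]; then
        echo "FAIL: PasswordAuthentication is '$pw' (want no)"
        rc=1
    fi

    cr="$(ssh_effective ChallengeResponseAuthentication "$_cfg")"
    : "${cr:=yes}"                       # default yes; with UsePAM this is another password prompt
    if [ "$cr" != no ]; then
        echo "FAIL: ChallengeResponseAuthentication is '$cr' (want no)"
        rc=1
    fi

    root="$(ssh_effective PermitRootLogin "$_cfg")"
    : "${root:=yes}"                     # default before OpenSSH 7.0
    case "$root" in
        no|without-password|prohibit-password) ;;   # without-password is the pre-7.0 spelling
        *) echo "FAIL: PermitRootLogin is '$root' (allows password root login)"; rc=1 ;;
    esac

    pk="$(ssh_effective PubkeyAuthentication "$_cfg")"
    : "${pk:=yes}"
    if [ "$pk" != yes ]; then
        echo "FAIL: PubkeyAuthentication is '$pk' (want yes)"
        rc=1
    fi
    return $rc
}

# Constructed sample configs for the demonstration.
WORK="${TMPDIR:-/tmp}/sshd_audit.$$"
mkdir -p "$WORK"
WEAK_CFG="$WORK/sshd_config.weak"
HARD_CFG="$WORK/sshd_config.hard"

# Stock-looking file: every password-related keyword is still commented out,
# so the defaults (passwords on, root login on) apply.
cat > "$WEAK_CFG" <<'EOF'
# Constructed sample sshd_config
Protocol 2
#PermitRootLogin yes
#PasswordAuthentication yes
#ChallengeResponseAuthentication yes
UsePAM yes
EOF

# Hardened file: keys only, no PAM password prompt, root only with a key.
cat > "$HARD_CFG" <<'EOF'
# Constructed sample sshd_config
Protocol 2
PermitRootLogin without-password
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
Match Address 192.0.2.0/24
    PasswordAuthentication yes
EOF

for f in "$WEAK_CFG" "$HARD_CFG"; do
    if ssh_audit "$f"; then echo "PASS: $f"; else echo "FAIL: $f"; fi
done
```

Run it against a real file with `ssh_audit /etc/ssh/sshd_config`; a non-zero exit means the host still accepts a password somewhere in the global section. The Match block in the hardened sample is deliberately left unread: scoped exceptions need `sshd -T -C addr=...` to evaluate, which is outside what this script covers.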