6 Dec
2011
6 Dec
'11
9:36 p.m.
On Tue, Dec 6, 2011 at 2:18 PM, Karanbir Singh mail-lists@karan.org wrote:
On 12/06/2011 08:09 PM, Les Mikesell wrote:
Any luck on the specific attack path yet? The linked article suggests Centos up to 5.5 was vulnerable.
We dont have access to the actual machines that were broken into - so pretty much everything is second hand info.
But based on what we know and what we have been told and what we have worked out ourselves as well, its almost certainly bruteforced ssh passwords.
So, coincidence that they were CentOS, and pre-5.6? Did they have admins in common?
--
Les Mikesell
lesmikesell@gmail.com