6 Dec
2011
6 Dec
'11
8:40 p.m.
Les Mikesell wrote:
On Tue, Dec 6, 2011 at 2:18 PM, Karanbir Singh mail-lists@karan.org wrote:
On 12/06/2011 08:09 PM, Les Mikesell wrote:
Any luck on the specific attack path yet? The linked article suggests Centos up to 5.5 was vulnerable.
We dont have access to the actual machines that were broken into - so pretty much everything is second hand info.
But based on what we know and what we have been told and what we have worked out ourselves as well, its almost certainly bruteforced ssh passwords.
So, coincidence that they were CentOS, and pre-5.6? Did they have admins in common?
Just incompetent ones. I believe I remember a map on the article, and they had one or more in Poland, and some in southeast Asia, etc.
mark