On Tue, Dec 6, 2011 at 2:18 PM, Karanbir Singh <mail-lists at karan.org> wrote:
> On 12/06/2011 08:09 PM, Les Mikesell wrote:
>> Any luck on the specific attack path yet? The linked article
>> suggests CentOS up to 5.5 was vulnerable.
>
> We don't have access to the actual machines that were broken into - so
> pretty much everything is second hand info.
>
> But based on what we know and what we have been told and what we have
> worked out ourselves as well, it's almost certainly bruteforced ssh
> passwords.

So, coincidence that they were CentOS, and pre-5.6? Did they have
admins in common?

--
Les Mikesell
lesmikesell at gmail.com