[CentOS] an actual hacked machine, in a preserved state

Ljubomir Ljubojevic office at plnet.rs
Wed Jan 4 22:34:02 UTC 2012


On 01/04/2012 10:59 PM, Lamar Owen wrote:
> [Distilling to the core matter; everything else is peripheral.]
>
<snip>
>
> It is a safe assumption that there are httpd exploits in the wild, that
> are not known by the apache project, that specifically attempt to grab
> /etc/shadow and send to the attacker. It's also a safe assumption that
> the attacker will have sufficient horsepower to crack your password from
> /etc/shadow in a 'reasonable' timeframe for an MD5 hash. So you don't
> allow password authentication and you're not vulnerable to a remote
> /etc/shadow brute-forcing attack regardless of how much horsepower the
> attacker can throw your way, and regardless of how the attacker got your
> /etc/shadow (you could even post it publicly and it wouldn't help them
> any!).
>

Excellent text. This should be published on some Blog, or CentOS wiki maybe.

Thank you for this. Concise and practical. Wow. Thanks again!


-- 

Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe

Google is the Mother, Google is the Father, and traceroute is your
trusty Spiderman...
StarOS, Mikrotik and CentOS/RHEL/Linux consultant
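
The quoted advice, as an added example that is not part of the original thread: a Python audit that reads the global section of an sshd_config and reports whether any password-based login path is still open over SSH, then lists which accounts in a shadow-format file carry a usable hash and under which scheme. The sample config, the shadow lines and all function names are constructed for illustration.

```python
import re

# Constructed sample inputs for illustration; not taken from the thread.
SAMPLE_SSHD_CONFIG = """\
Port 22
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
PasswordAuthentication yes
"""
SAMPLE_SHADOW = """\
root:$1$constructed$AAAAAAAAAAAAAAAAAAAAAA:15343:0:99999:7:::
alice:$6$constructed$BBBBBBBBBBBBBBBBBBBBBB:15343:0:99999:7:::
daemon:*:15343:0:99999:7:::
bob:!!:15343:0:99999:7:::
"""
SCHEMES = {"1": "MD5", "5": "SHA-256", "6": "SHA-512"}
# ChallengeResponseAuthentication is the older name of KbdInteractiveAuthentication.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def global_sshd_settings(text):
    """Global keywords only; sshd keeps the first value it reads for a keyword."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":
            break  # Match blocks are conditional and need a separate review
        settings.setdefault(key, parts[1].strip().lower() if len(parts) > 1 else "")
    return settings

def password_login_paths(settings):
    """Keywords that still let a password be tried over SSH (both default to yes)."""
    keys = ("passwordauthentication", "kbdinteractiveauthentication")
    return [k for k in keys if settings.get(k, "yes") != "no"]

def hashed_accounts(shadow_text):
    """Map user -> hash scheme for accounts with a usable (not locked) hash."""
    found = {}
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) < 2 or not fields[1] or fields[1][0] in "!*":
            continue
        pw = fields[1]
        found[fields[0]] = SCHEMES.get(pw.split("$")[1], "other") if pw.startswith("$") else "legacy crypt"
    return found

if __name__ == "__main__":
    paths = password_login_paths(global_sshd_settings(SAMPLE_SSHD_CONFIG))
    # Scope: SSH only. A cracked hash can still matter for su, sudo or console logins.
    print("password paths open over SSH:", paths or "none")
    print("hashes at risk if /etc/shadow leaks:", hashed_accounts(SAMPLE_SHADOW))
```

In the sample the later `PasswordAuthentication yes` line has no effect, because the first value read for a keyword is the one that applies.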


