[CentOS] an actual hacked machine, in a preserved state

Tue Jan 3 15:58:40 UTC 2012
Les Mikesell <lesmikesell at gmail.com>

On Tue, Jan 3, 2012 at 12:48 AM, Bennett Haselton <bennett at peacefire.org> wrote:
>
>> You can also set up openvpn on the server and control ports like ssh to
>> only be open to you if you are using an openvpn client to connect to the
>> machine.
>
> True but I travel a lot and sometimes need to connect to the machines
> from subnets that I don't know about in advance.

Have you ever typed your password on a machine you didn't control?
Or even one that was not completely secure (i.e. could have had a
hardware keylogger attached, or a software key logger installed by a
trojan,  virus, or wifi hack)?   If so, you might be missing the most
likely possibility for someone having your password: simply grabbing
it as you type before ssh gets a chance to encrypt it.

-- 
  Les Mikesell
     lesmikesell at gmail.com