SSH hacked?
Knapp
magick.crow at gmail.com
Tue Jan 13 17:22:08 UTC 2009
> P.S. Keeping your password secret includes not typing it on a spyware
> loaded computer that is recording your keystrokes. That is why I don't
> use my Windows computer at work to log into my system at home, I don't
> think that computer is infected, but I don't trust Windows in general, I
> use my personal Ubuntu notebook instead.
>
I agree with you, moving ports stops bad hackers from doing stupid hacks. If
you can't block those then you are really in trouble when they find your
other ssh port.
Also a lesson from my youth. I learned to program when I was about 13 by
breaking into the Universities computer, vax pdp 11. I did no damage and
only played games and used the education programs there.
The way I got the passwords was simple. They let guest use basic but that
basic only had print, a few math commands and input and if. Not much else.
They thought that that made it secure.
What I did was make a simple program that looked just like the Uni sign in.
It took the name and password and then said sorry wrong password. It then
quit and started the real sign in. It was seamless, so no one caught on.
Print let you echo the printing to a printer too. So I sent the passwords
and names to a printer next to my seat. Then I started the program on all
the terminals and waited. I was never caught. It also was not illegal at
that time but I am sure I would have been in lots of kid trouble, if I had
been caught.
The lesson is that it is really easy to get passwords, even in tight
systems. Be really careful! I have often wondered how many people use the
same name and password on something like slashdot as there home or work
computers or other sign ins?
--
Douglas E Knapp
Amazon Gift Cards; let them choose!!
http://www.amazon.com/gp/product/B001078FFE?ie=UTF8&tag=seattlebujinkand&linkCode=as2&camp=1789&creative=9325&creativeASIN=B001078FFE
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20090113/4af89c21/attachment.html>
More information about the ubuntu-users
mailing list