From: Neil C. <nc...@co...> - 2005-12-11 02:28:50
Tim Sailer wrote:
> On Sat, December 10, 2005 20:54, Neil Cherry said:
>> Tim Sailer wrote:
>>> I do security for a living. SSH is not as 'secure' as one would want to
>>> think. If I can get a user account on your linux box, I could most likely
>>> install a kernel module (unless you have a kernel without support) that
>>> would capture all your keystrokes. Passphrase included.
>>
>> It is my understanding that you could sniff the entire session and
>> not be able to figure out the session key. Unless you're talking
>> about an old vulnerability.
>
> Nope. Any current system with a vulnerable kernel can have a module
> loaded that will sniff keystrokes. It's quite easy to do. I do it all the
> time on honeypots with just ssh enabled.

Sorry, I misunderstood what you were saying; I thought you were talking
about an ssh weakness. What you're talking about is a problem with any
OS (even VMS). If you can't trust the OS then you can't trust anything.
That's currently a very big deal in the Windows world (rootkits et al).
Basically there is no trust at that layer because it has the power to do
anything. Let me ask another question: is it possible to load this module
as a user under Linux (not as root)?

>> Man in the middle attacks would be very difficult to do, as you'd
>> have to own a lot of equipment in the middle. From where I work
>> to my home rides on some pretty large pipes and I'm confident
>> that I can trust that security. But from a coffee shop, man in the
>> middle attacks might be more likely. I would like to learn more
>> about what you've got. I might be missing something.
>>
>> BTW, if you can get a user onto my box then I've got a lot of other
>> problems.
>>
>>> Or, google on 'appjack' to find out how easy it is to hijack an existing
>>> ssh session. You get dropped off, and I end up where you were. Very
>>> scary stuff.
>>
>> Apparently it's not very easy to do:
>>
>> http://www.google.com/search?num=100&hl=en&lr=&ie=ISO-8859-1&q=appjack&btnG=Google+Search
>>
>> Results 1 - 10 of about 13 for appjack. (0.06 seconds)
>>
>> I'm missing something.
>
> A little. And I'm being purposely obtuse on a public mailing list. E-mail
> me privately for a direct link, if your google search didn't show a
> glimmer of what I'm talking about.

I'll do that, thanks. :-)

--
Linux Home Automation                 Neil Cherry       nc...@li...
http://www.linuxha.com/               Main site
http://linuxha.blogspot.com/          My HA Blog
http://home.comcast.net/~ncherry/     Backup site
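The thread's concern is an unexpected kernel module showing up on a host and logging keystrokes. A defender-side check for that, added here as an example and not code from either poster, is to compare the loaded-module list against a known-good baseline and to report whether the kernel has been told to refuse further module loads. On Linux, loading a module requires the CAP_SYS_MODULE capability (normally root), and once `kernel.modules_disabled` is set to 1 no further modules can be loaded until reboot; both facts are assumed here. The baseline and the `lsmod`-style listing below are constructed sample input so the script runs offline; on a real host you would pass in the output of `lsmod` and the contents of `/proc/sys/kernel/modules_disabled`.

```shell
#!/bin/sh
# Added example: detect kernel-module drift against a baseline and
# report whether further module loading is locked out.

# Constructed baseline: module names expected on this host, one per line.
BASELINE="ext4
e1000
ipv6"

# Constructed lsmod-style output (header line, then name/size/usage columns).
CURRENT="Module                  Size  Used by
ext4                  600000  1
e1000                  80000  0
ipv6                  400000  12
unexpected_mod          8192  0"

# module_drift BASELINE LSMOD_OUTPUT
# Prints each module name present in the lsmod output but absent from
# the baseline. The first line of lsmod output is a header and is skipped.
module_drift() {
    printf '%s\n' "$2" | awk 'NR > 1 { print $1 }' | sort | while read -r m; do
        printf '%s\n' "$1" | grep -qx -- "$m" || printf '%s\n' "$m"
    done
}

# modules_locked VALUE
# VALUE is the contents of /proc/sys/kernel/modules_disabled.
# Prints "locked" when the kernel refuses further module loads, else "open".
modules_locked() {
    if [ "$1" = "1" ]; then
        echo "locked"
    else
        echo "open"
    fi
}

# Stand-alone run over the constructed sample input.
echo "Modules not in baseline:"
module_drift "$BASELINE" "$CURRENT"
echo "Module loading: $(modules_locked 0)"
```

In practice you would generate the baseline right after provisioning (`lsmod | awk 'NR>1 {print $1}' | sort`), store it off the host, and run the drift check from a scheduled job; a non-empty result is worth an alert, and on hosts that never need new modules, setting `kernel.modules_disabled=1` at the end of boot turns the check from detection into prevention.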