Debian attacker may have used new exploit

cbbrowne-HInyCGIudOg at public.gmane.org cbbrowne-HInyCGIudOg at public.gmane.org
Wed Dec 3 05:24:51 UTC 2003


> what I don;t understand about this, is how could they know that this was 
> the exploit the hacker used, what if there is something else?

The attacker left some binaries lying around, and an analysis of their
contents showed up code pointing at that particular exploit.

It is, of course, conceivable that the attacker might have used some
other unknown mechanism, and left the binaries around to mislead them
into believing that particular attack was used.

But that is rather like finding your home burgled, and, seeing normal
burglary tools lying around, assuming that it was, instead, black-ops
NSA agents trying to make it LOOK like an ordinary burglary.  

Forgive me if I were to wonder, in such a case, if you were not just a
little bit off your rocker...
--
let name="cbbrowne" and tld="ntlug.org" in name ^ "@" ^ tld;;
http://www3.sympatico.ca/cbbrowne/spreadsheets.html
Rules of the  Evil Overlord #96. "My door  mechanisms will be designed
so that blasting  the control panel on the outside  seals the door and
blasting  the control panel  on the  inside opens  the door,  not vice
versa." <http://www.eviloverlord.com/>
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml





More information about the Legacy mailing list