PHWinfo - Afficher un message

30/10/2006, 19h54

Nico wrote:
> Chuck wrote:
>
>> Who's to say the format utility isn't compromised as well? I'd boot from
>> a CD-ROM (something non-writable) and do the format from there.
>
> That's how you normally reformat the / partition, where core software
> lives.
>
> Now, I'd invest in a second disk if feasible, install the new OS on the
> second disk with only critical text configuration files brought over
> from backup, very, very carefully, and set aside the first disk for
> examining as a spare drive in a safe environment (such as booting from
> a Knoppix LiveCD) to apply some analysis to it and look for traces in
> the logs.
>
> Assume also that every password and account on that system have been
> sniffed and cracked: if you haven't been paying attention to how to
> protect your systems from an attack from the inside, you are now very
> vulnerable to any accounts that existed on that system.
>

IOW change all passwords.

If there were any unencrypted private keys stored on the box assume they
are now compromised. Remove the corresponding public key from all
servers immediately and generate new keypairs. This goes for SSH as well
as PGP and GnuPG.

30/10/2006, 19h54	#20
Chuck Messages: n/a Hébergeur:	Re: Hacker on my system ? Nico wrote: > Chuck wrote: > >> Who's to say the format utility isn't compromised as well? I'd boot from >> a CD-ROM (something non-writable) and do the format from there. > > That's how you normally reformat the / partition, where core software > lives. > > Now, I'd invest in a second disk if feasible, install the new OS on the > second disk with only critical text configuration files brought over > from backup, very, very carefully, and set aside the first disk for > examining as a spare drive in a safe environment (such as booting from > a Knoppix LiveCD) to apply some analysis to it and look for traces in > the logs. > > Assume also that every password and account on that system have been > sniffed and cracked: if you haven't been paying attention to how to > protect your systems from an attack from the inside, you are now very > vulnerable to any accounts that existed on that system. > IOW change all passwords. If there were any unencrypted private keys stored on the box assume they are now compromised. Remove the corresponding public key from all servers immediately and generate new keypairs. This goes for SSH as well as PGP and GnuPG.