Re: Hacker on my system ?
Chuck wrote:
> IOW change all passwords.
>
> If there were any unencrypted private keys stored on the box assume they
> are now compromised. Remove the corresponding public key from all
> servers immediately and generate new keypairs. This goes for SSH as well
> as PGP and GnuPG.
And be prepared to change them *AGAIN* in the near future. Once a
clever cracker has access to a poorly secured password in your dial-up
or VPN systems, they can often re-install their rootkits or system
tools on other poorly secured systems behind your corporate firewall,
to lurk like hunters in a duck blind for the next set of passwords or
private keys to steal.
Backup systems in particular are vulnerable to this kind of abuse.
Unencrypted /etc/passwd files, or backup systems that allow
restoration by anyone inside the company, are also fun targets of a
cracker inside your systems. This is why security is not a single tool:
it's a set of practices that prevent damage and confine it as much as
possible.