Monday, November 29, 2010

Hackers use stolen SSH keys to attack Linux systems

The United States computer security emergency response centre (US-CERT) said this week that it has found hackers using stolen SSH (Secure Shell) keys to attack Linux-based computing architectures.

SSH is a communication protocol designed for remote communication and network services. Because it can encrypt all transmitted data and controls access through public-key cryptography, it is considered a more reliable protocol, and it is also free and open source. In addition, many systems that use SSH key login do not require users to enter a password or passphrase, so users can be logged in automatically.

However, US-CERT pointed out that the recently discovered attack begins by using stolen SSH keys to access a system. It then uses a local kernel exploit to obtain root access, the permission to execute and access all files on the system, in order to implant the phalanx2 program. phalanx2 is a rootkit: a tool that a hacker plants on a system to hide malicious programs. phalanx2 systematically steals the system's SSH keys so that they can be used to attack other sites or systems.

SANS researcher John Bambenek wrote in a blog post that the hackers may have obtained some of the keys a few months ago by taking advantage of a Debian system vulnerability, and he therefore called on IT staff to update and replace the relevant keys. Both Bambenek and US-CERT recommend that IT managers actively identify systems that are accessed automatically through SSH keys, in particular those used for remote or network access, ensure that these systems have the latest patches, and encourage users to log in with a key together with a password to reduce risk. US-CERT also describes how to test whether a system contains the phalanx2 program's paths.
