United States computer security emergency response centre (US-CERT) recently said that the detection that hackers through theft SSH (SecureShell) keys for the Linux platform.
SSH for remote communications and networking services specialized communication protocol, you can encrypt the data transfer and access through public-key cryptography, it is considered more reliable protocol. In addition, many use SSH key login system does not require the user to re-enter the password, and automatically log in directly. US-CERT pointed out that the recent discovery of attacks generally using stolen SSH key, and then uses the attack programs to obtain read/write permissions to the root of the system of management in order to implant phalanx2 program. The program for a Rootkit phalanx2, a rootkit is a hacker was devoted to the system, hiding malicious programs to let phalanx2 to organized theft system SSH key to use to attack other sites or systems. SANS researcher JohnBambenek pointed out in the Blog, a hacker may have been a few months ago using Debian system vulnerabilities to steal SSH key, and therefore calls for the IT administrator to update as soon as possible and to reassign key. Experts suggest that IT managers to actively identify existing SSH automatic access system, in particular those for remote or network storage systems to ensure that these systems were implemented in the latest patch.
No comments:
Post a Comment