So the account compromises I mentioned the other day seem to be a symptom of a bigger epidemic. Several friends’ machines had rootkits installed on them, and it took a while for my friends to contain and repair the damage (some machines are still offline). I am feeling a little bit better because it seems less likely that I was the cause of these failures and more that I was just a victim, but I still used the same password on multiple machines, which is bad news. It is comforting that several of my friends had the same bad habit, so at least I’m in good company. :P
I’ve reset my passwords on those boxes to random characters and am using ssh keys to authenticate instead. There are a few systems I can’t do this on, however. CSH, for example, requires me to password authenticate to retrieve my email and use other house resources, so I can’t set that to a random password. I have, however, picked a password that is unique to each system where I have to use password auth and have unique ssh keypairs (with unique passwords) to each machine I have physical access to. I’ve also decided to never jump out from one remote machine to another (for instance, log in to CSH, then from there log into Matt’s machine), so if the first machine is compromised I don’t have to worry about some rogue sshd snarfing my password (which was one “feature” of the rootkit used in these attacks). Finally, I will change all of my passwords every few months.
As far as I can tell this is about as good of a policy as I can come up with. Any suggestions are appreciated.
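The policy above (one keypair per machine, each with its own passphrase, never carrying credentials through an intermediate host) can be scripted. What follows is an added example, not code from the original post or its author: it assumes OpenSSH (`ssh-keygen` and `~/.ssh/config`), uses ed25519 keys as our own choice, and treats the host names, key paths and passphrases as placeholders. It also goes one step beyond the post by pinning each key with `IdentitiesOnly` and by checking the resulting config for any stanza that still forwards the agent, which is the mechanism a rogue sshd on a jump host would abuse.

```shell
#!/bin/sh
# Added example (not from the original post). One ssh keypair per remote
# machine, each with its own passphrase, pinned to that host in ~/.ssh/config
# with agent forwarding and password authentication disabled for it.
# Host names, key paths and passphrases are placeholders / assumptions.

# Print an ssh_config stanza that pins a dedicated key to one host and refuses
# to forward the agent through that host (a compromised sshd there could
# otherwise use the forwarded agent to hop onward as you).
host_stanza() {
    host=$1
    keyfile=$2
    printf 'Host %s\n' "$host"
    printf '    IdentityFile %s\n' "$keyfile"
    printf '    IdentitiesOnly yes\n'        # offer only this key, never every key in the agent
    printf '    ForwardAgent no\n'           # do not carry the agent through this host
    printf '    PasswordAuthentication no\n' # nothing for a rogue sshd to snarf
    printf '\n'
}

# Read an ssh_config on stdin; print "yes" if any stanza enables agent
# forwarding, "no" otherwise (keyword match is case-insensitive like ssh's).
agent_forwarding_enabled() {
    if grep -qiE '^[[:space:]]*ForwardAgent[[:space:]]+yes' ; then
        echo yes
    else
        echo no
    fi
}

# Generate a keypair for one host (needs ssh-keygen). Refuses to overwrite.
make_host_key() {
    host=$1
    keyfile=$2
    passphrase=$3
    if [ -e "$keyfile" ]; then
        echo "refusing to overwrite $keyfile" >&2
        return 1
    fi
    ssh-keygen -q -t ed25519 -f "$keyfile" -N "$passphrase" \
        -C "$(id -un)@$(hostname) key for $host"
}

# Usage: sh per_host_keys.sh HOST [HOST...]
# Prompts for a distinct passphrase per host, writes ~/.ssh/id_HOST and
# appends the matching stanza to ~/.ssh/config. Only runs when hosts are given.
if [ "$#" -gt 0 ]; then
    umask 077
    mkdir -p "$HOME/.ssh"
    for host in "$@"; do
        keyfile="$HOME/.ssh/id_$host"
        printf 'Passphrase for %s key: ' "$host" >&2
        stty -echo; read -r pass; stty echo; printf '\n' >&2
        make_host_key "$host" "$keyfile" "$pass" || continue
        host_stanza "$host" "$keyfile" >> "$HOME/.ssh/config"
        echo "added $host -> $keyfile (copy ${keyfile}.pub to the host by hand)" >&2
    done
    if [ "$(agent_forwarding_enabled < "$HOME/.ssh/config")" = yes ]; then
        echo "warning: ~/.ssh/config still forwards the agent to some host" >&2
    fi
fi
```

The public half of each key still has to be installed on the remote machine out of band; the script deliberately does not ssh anywhere to do that, since the point is to stop relying on a password that could be captured in transit. Running `agent_forwarding_enabled < ~/.ssh/config` on its own is a quick audit of an existing config.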
so, was CSH compromised? I use a different password there and don’t have a .ssh there, but I have jumped there and then elsewhere.
I don’t believe CSH was compromised, but my account at CSH was compromised.
CSH is fucked today, but it appears to be some kind of raid controller issue or something with /users
“Current Music: cracked, geek, security”
Hehehe. Seriously though, I think you have inspired me to institute a better security policy for myself. My security has been extremely lax for much too long…
Heheh, thanks for the heads up on my tags…. :P
While we’re at it… “Raise your hand if you have a consistent backup solution!” Just as I thought. (My backup methods consist of me whispering “Please don’t crash” repetitively to the computer.)
Actually, I have a 250M external USB2 hard disk and an iCal reminder for me to backup my machines once a month… Works pretty well…
I am guilty of connecting to different machines remotely. Never considered the implications of that. Thanks for the suggestions.