Wednesday, June 15, 2005

"Hashing exploit threatens digital security"

The algorithms potentially affected are MD5 and SHA-1. This'd up the ante for the game of patch-and-hack... which reminds me of the rootkit episode!

When I wrote last week about getting rootkit-ed, I didn't mention that it was md5sum that helped me detect the changes made to the sshd binary. The attacker left a backdoor (/etc/; creates a /tmp/ that returns 0 when the login/ssh daemon tries to look up a user's UID). It was, admittedly, not a very deep attack (it was not even a Loadable Kernel Module-style attack), and the attacker did not even attempt to erase his footprint.

(More description can be found here)

Yet, it is a disturbing discovery that requires yet more vigilance on the defender's part. That's one tool less to fight attackers out there.

