From New Scientist: Hashing exploit threatens digital security
The algorithms potentially affected are MD5 and SHA-1. This would up the ante in the game of patch-and-hack... which reminds me of the rootkit episode!
When I wrote last week about getting rootkit-ed, I didn't mention that it was md5sum that helped me detect the changes made to the sshd binary. The attacker left a backdoor (/etc/ld.so.preload) and created a /tmp/getuid.so that returns 0 when the login/ssh daemon tries to look up a user's UID. It was, admittedly, not a very deep attack (it was not even a Loadable Kernel Module-style attack), and the attacker did not even attempt to erase his footprint.
(More description can be found here)
Yet, it is a disturbing discovery that requires yet more vigilance on the defender's part. That's one tool less to fight attackers out there.
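For defenders, the two checks from the episode above can be scripted. This is an added example, not code from the original post: it audits the contents of /etc/ld.so.preload against an allowlist and re-verifies binaries against a stored baseline, using SHA-256 in place of md5sum. The function names, the allowlist and the list of world-writable directories are assumptions made for illustration.

```python
import hashlib
import os

# Assumption: directories any local user can write to; a preload entry here is a red flag.
RISKY_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")

def parse_preload(text):
    """Return the library paths listed in ld.so.preload content.

    glibc accepts entries separated by whitespace or ':' and treats
    '#' as the start of a comment.
    """
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        entries.extend(line.replace(":", " ").split())
    return entries

def audit_preload(text, allowed=()):
    """Flag every preload entry that is not explicitly allowlisted."""
    findings = []
    for path in parse_preload(text):
        if path in allowed:
            continue
        if path.startswith(RISKY_DIRS):
            findings.append((path, "in world-writable dir"))
        else:
            findings.append((path, "not in allowlist"))
    return findings

def sha256_file(path):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify_baseline(baseline):
    """baseline maps path -> expected SHA-256; return paths changed or missing."""
    changed = []
    for path, expected in baseline.items():
        if not os.path.isfile(path) or sha256_file(path) != expected:
            changed.append(path)
    return changed

if __name__ == "__main__":
    # Constructed sample mirroring the entry described in the post.
    sample = "# constructed sample\n/tmp/getuid.so\n"
    for path, reason in audit_preload(sample):
        print(f"SUSPICIOUS preload entry {path}: {reason}")
```

The baseline and the hashing tool are only trustworthy if they are kept on read-only or offline media, since a preloaded library can alter what tools on the compromised host report.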