Hi Linda,
The situation is more serious. If this is a vulnerability then the
vulnerability has been exploited.
This makes it an incident.
Cornwall, LA (Linda) wrote:
> Looks like a vulnerability to me - if someone can leave an ssh key
> behind!
> So simple. Another reason not to recycle accounts.
>
> Linda
>
>
>>-----Original Message-----
>>From: Testbed Support for GridPP member institutes [mailto:TB-
>>[log in to unmask]] On Behalf Of owen maroney
>>Sent: 13 June 2005 16:52
>>To: [log in to unmask]
>>Subject: [Fwd: Re: [LCG-ROLLOUT] How to blacklist a certificate at
>
> site
>
>>level ??]
>>
>>
>>
>>-------- Original Message --------
>>Subject: Re: [LCG-ROLLOUT] How to blacklist a certificate at site
>
> level ??
>
>>Date: Mon, 13 Jun 2005 16:49:31 +0100
>>From: owen maroney <[log in to unmask]>
>>Reply-To: LHC Computer Grid - Rollout
>
> <[log in to unmask]>
>
>>To: [log in to unmask]
>>References:
>><[log in to unmask]>
>> <[log in to unmask]>
>>
>>Hi,
>>
>>Hmm.
>>
>>Just checked the CE here and found that at 12:43 today someone copied
>>ssh keys into ~/.ssh
>>
>>This seems fairly clearly an abuse of someones certificate.
>>
>>I am entirely happen to 'name' this person. I suggest other sites may
>>want to check ls -latrh /home/*/.ssh
>>
>>Owen.
>>
>>Dan Schrager wrote:
>>
>>
>>>I could give you the details of the certificate.
>>>There is someone that had tried to bypass the certificate
>
> authentication
>
>>>by inserting ssh keys into the ~/.ssh directory to which it had been
>>>mapped on our public CE.
>>>
>>>Until further checks I will postpone the "name and shame" policy...
>>>
>>>
>>>
>>>Bly, MJ (Martin) wrote:
>>>
>>>
>>>>I suppose it is politic to ask: if you feel the need to urgently
>>>>blacklist a user, should we all be doing the same?
>>>>Martin.
>>>>
>>>>-----Original Message-----
>>>>From: LHC Computer Grid - Rollout
>>>>[mailto:[log in to unmask]] On Behalf Of Dan Schrager
>>>>Sent: Monday, June 13, 2005 3:57 PM
>>>>To: [log in to unmask]
>>>>Subject: [LCG-ROLLOUT] How to blacklist a certificate at site level
>
> ??
>
>>>>
>>>>Hi everybody,
>>>>
>>>>There is an urgent need at our site to blacklist a certificate.
>>>>
>>>>Please advice how can this be done at local, gatekeeper(?) level.
>>>>
>>>>Regards,
>>>>Dan
>>>>
>>>>
>>
>>--
>>======================================================
>>Dr O J E Maroney # London Tier 2 Technical Co-ordinator
>>
>>Tel. (+44)20 759 47802
>>
>>Imperial College London
>>High Energy Physics Department
>>The Blackett Laboratory
>>Prince Consort Road, London, SW7 2BW
>>===================================
>>
>>
>>
>>--
>>======================================================
>>Dr O J E Maroney # London Tier 2 Technical Co-ordinator
>>
>>Tel. (+44)20 759 47802
>>
>>Imperial College London
>>High Energy Physics Department
>>The Blackett Laboratory
>>Prince Consort Road, London, SW7 2BW
>>===================================
>
>
--
=======================================================
Dr O J E Maroney # London Tier 2 Technical Co-ordinator
Tel. (+44)20 759 47802
Imperial College London
High Energy Physics Department
The Blackett Laboratory
Prince Consort Road, London, SW7 2BW
====================================
|