Hi Linda,
another reason to teach people simple methods to protect themselves. There
should be security pages with receipes to avoid this back doors to
work even if someone tries to install them.
Anyway this is a spread incident because I found too an authorized key and
what makes even more nervous is that it is a dteam member. not an atlas
student having fun.
cheers
alessandra
On Mon, 13 Jun 2005, owen maroney wrote:
> Hi Linda,
>
> The situation is more serious. If this is a vulnerability then the
> vulnerability has been exploited.
>
> This makes it an incident.
>
> Cornwall, LA (Linda) wrote:
>> Looks like a vulnerability to me - if someone can leave an ssh key
>> behind!
>> So simple. Another reason not to recycle accounts.
>>
>> Linda
>>
>>
>>> -----Original Message-----
>>> From: Testbed Support for GridPP member institutes [mailto:TB-
>>> [log in to unmask]] On Behalf Of owen maroney
>>> Sent: 13 June 2005 16:52
>>> To: [log in to unmask]
>>> Subject: [Fwd: Re: [LCG-ROLLOUT] How to blacklist a certificate at
>>
>> site
>>
>>> level ??]
>>>
>>>
>>>
>>> -------- Original Message --------
>>> Subject: Re: [LCG-ROLLOUT] How to blacklist a certificate at site
>>
>> level ??
>>
>>> Date: Mon, 13 Jun 2005 16:49:31 +0100
>>> From: owen maroney <[log in to unmask]>
>>> Reply-To: LHC Computer Grid - Rollout
>>
>> <[log in to unmask]>
>>
>>> To: [log in to unmask]
>>> References:
>>> <[log in to unmask]>
>>> <[log in to unmask]>
>>>
>>> Hi,
>>>
>>> Hmm.
>>>
>>> Just checked the CE here and found that at 12:43 today someone copied
>>> ssh keys into ~/.ssh
>>>
>>> This seems fairly clearly an abuse of someones certificate.
>>>
>>> I am entirely happen to 'name' this person. I suggest other sites may
>>> want to check ls -latrh /home/*/.ssh
>>>
>>> Owen.
>>>
>>> Dan Schrager wrote:
>>>
>>>
>>>> I could give you the details of the certificate.
>>>> There is someone that had tried to bypass the certificate
>>
>> authentication
>>
>>>> by inserting ssh keys into the ~/.ssh directory to which it had been
>>>> mapped on our public CE.
>>>>
>>>> Until further checks I will postpone the "name and shame" policy...
>>>>
>>>>
>>>>
>>>> Bly, MJ (Martin) wrote:
>>>>
>>>>
>>>>> I suppose it is politic to ask: if you feel the need to urgently
>>>>> blacklist a user, should we all be doing the same?
>>>>> Martin.
>>>>>
>>>>> -----Original Message-----
>>>>> From: LHC Computer Grid - Rollout
>>>>> [mailto:[log in to unmask]] On Behalf Of Dan Schrager
>>>>> Sent: Monday, June 13, 2005 3:57 PM
>>>>> To: [log in to unmask]
>>>>> Subject: [LCG-ROLLOUT] How to blacklist a certificate at site level
>>
>> ??
>>
>>>>>
>>>>> Hi everybody,
>>>>>
>>>>> There is an urgent need at our site to blacklist a certificate.
>>>>>
>>>>> Please advice how can this be done at local, gatekeeper(?) level.
>>>>>
>>>>> Regards,
>>>>> Dan
>>>>>
>>>>>
>>>
>>> --
>>> ======================================================
>>> Dr O J E Maroney # London Tier 2 Technical Co-ordinator
>>>
>>> Tel. (+44)20 759 47802
>>>
>>> Imperial College London
>>> High Energy Physics Department
>>> The Blackett Laboratory
>>> Prince Consort Road, London, SW7 2BW
>>> ===================================
>>>
>>>
>>>
>>> --
>>> ======================================================
>>> Dr O J E Maroney # London Tier 2 Technical Co-ordinator
>>>
>>> Tel. (+44)20 759 47802
>>>
>>> Imperial College London
>>> High Energy Physics Department
>>> The Blackett Laboratory
>>> Prince Consort Road, London, SW7 2BW
>>> ===================================
>>
>>
>
>
--
********************************************
* Dr Alessandra Forti *
* Technical Coordinator - NorthGrid Tier2 *
* http://www.hep.man.ac.uk/u/aforti *
********************************************
|