And to avoid any political incident..... I should have said experiment A
student having fun. :)
cheers
alessandra
On Mon, 13 Jun 2005, Alessandra Forti wrote:
> Hi Linda,
>
> another reason to teach people simple methods to protect themselves. There
> should be security pages with recipes to stop these back doors from working
> even if someone tries to install them.
>
> Anyway this is a widespread incident because I too found an authorized key,
> and what makes me even more nervous is that it is a dteam member, not an atlas
> student having fun.
>
> cheers
> alessandra
>
> On Mon, 13 Jun 2005, owen maroney wrote:
>
>> Hi Linda,
>>
>> The situation is more serious. If this is a vulnerability then the
>> vulnerability has been exploited.
>>
>> This makes it an incident.
>>
>> Cornwall, LA (Linda) wrote:
>>> Looks like a vulnerability to me - if someone can leave an ssh key
>>> behind!
>>> So simple. Another reason not to recycle accounts.
>>>
>>> Linda
>>>
>>>
>>>> -----Original Message-----
>>>> From: Testbed Support for GridPP member institutes [mailto:TB-
>>>> [log in to unmask]] On Behalf Of owen maroney
>>>> Sent: 13 June 2005 16:52
>>>> To: [log in to unmask]
>>>> Subject: [Fwd: Re: [LCG-ROLLOUT] How to blacklist a certificate at site level ??]
>>>>
>>>>
>>>>
>>>> -------- Original Message --------
>>>> Subject: Re: [LCG-ROLLOUT] How to blacklist a certificate at site level ??
>>>> Date: Mon, 13 Jun 2005 16:49:31 +0100
>>>> From: owen maroney <[log in to unmask]>
>>>> Reply-To: LHC Computer Grid - Rollout <[log in to unmask]>
>>>> To: [log in to unmask]
>>>> References:
>>>> <[log in to unmask]>
>>>> <[log in to unmask]>
>>>>
>>>> Hi,
>>>>
>>>> Hmm.
>>>>
>>>> Just checked the CE here and found that at 12:43 today someone copied
>>>> ssh keys into ~/.ssh
>>>>
>>>> This seems fairly clearly an abuse of someone's certificate.
>>>>
>>>> I am entirely happy to 'name' this person. I suggest other sites may
>>>> want to check ls -latrh /home/*/.ssh
>>>>
>>>> Owen.
>>>>
>>>> Dan Schrager wrote:
>>>>
>>>>
>>>>> I could give you the details of the certificate.
>>>>> There is someone that had tried to bypass the certificate authentication
>>>>> by inserting ssh keys into the ~/.ssh directory to which it had been
>>>>> mapped on our public CE.
>>>>>
>>>>> Until further checks I will postpone the "name and shame" policy...
>>>>>
>>>>>
>>>>>
>>>>> Bly, MJ (Martin) wrote:
>>>>>
>>>>>
>>>>>> I suppose it is politic to ask: if you feel the need to urgently
>>>>>> blacklist a user, should we all be doing the same?
>>>>>> Martin.
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: LHC Computer Grid - Rollout
>>>>>> [mailto:[log in to unmask]] On Behalf Of Dan
>>>>>> Schrager
>>>>>> Sent: Monday, June 13, 2005 3:57 PM
>>>>>> To: [log in to unmask]
>>>>>> Subject: [LCG-ROLLOUT] How to blacklist a certificate at site level ??
>>>>>>
>>>>>> Hi everybody,
>>>>>>
>>>>>> There is an urgent need at our site to blacklist a certificate.
>>>>>>
>>>>>> Please advise how this can be done at local, gatekeeper(?) level.
>>>>>>
>>>>>> Regards,
>>>>>> Dan
>>>>>>
>>>>>>
>>>>
>>>> --
>>>> ======================================================
>>>> Dr O J E Maroney # London Tier 2 Technical Co-ordinator
>>>>
>>>> Tel. (+44)20 759 47802
>>>>
>>>> Imperial College London
>>>> High Energy Physics Department
>>>> The Blackett Laboratory
>>>> Prince Consort Road, London, SW7 2BW
>>>> ===================================
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
--
********************************************
* Dr Alessandra Forti *
* Technical Coordinator - NorthGrid Tier2 *
* http://www.hep.man.ac.uk/u/aforti *
********************************************
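
The check suggested in the thread (`ls -latrh /home/*/.ssh`) shows that files exist but not what keys they hold. The following is an added example, not part of the original thread: it lists every key line found in `authorized_keys*` under each account's `.ssh` directory, with account, file, modification time, key type and comment. It assumes account homes sit directly under one root directory and that GNU `date` is available; the function name is illustrative.

```shell
#!/usr/bin/env bash
# Added example: enumerate SSH keys left in <home_root>/*/.ssh/authorized_keys*.
# Assumption: all mapped (pool) account homes live directly under one root.

# audit_authorized_keys HOME_ROOT
# Prints one tab-separated line per key:
#   account  file  mtime  keytype  comment
audit_authorized_keys() {
    local root=$1 dir file account mtime
    for dir in "$root"/*/.ssh; do
        [ -d "$dir" ] || continue
        account=$(basename "$(dirname "$dir")")
        # authorized_keys2 is also read by older sshd builds, so match both.
        for file in "$dir"/authorized_keys*; do
            [ -f "$file" ] || continue
            # GNU date; falls back to "unknown" where -r FILE is unsupported.
            mtime=$(date -r "$file" '+%Y-%m-%d %H:%M:%S' 2>/dev/null || echo unknown)
            awk -v acct="$account" -v f="$file" -v m="$mtime" '
                /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
                {
                    type = "unknown"; comment = ""
                    # Options (from=, command=) may precede the key type,
                    # so scan for the first field that looks like one.
                    for (i = 1; i <= NF; i++)
                        if ($i ~ /^(ssh-|ecdsa-|sk-)/) {
                            type = $i
                            for (j = i + 2; j <= NF; j++)
                                comment = comment (comment ? " " : "") $j
                            break
                        }
                    printf "%s\t%s\t%s\t%s\t%s\n", acct, f, m, type, comment
                }' "$file"
        done
    done
}

# Run against a home root when one is given on the command line,
# e.g.  ./audit.sh /home
if [ "$#" -gt 0 ]; then
    audit_authorized_keys "$1"
fi
```

On accounts that are only ever reached through certificate mapping, any line of output is worth investigating, and the modification time can be compared against gatekeeper logs.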