On Mon, 22 Nov 2004 22:17:40 -0600, Ryan O'Rourke <tclug at ryanorourke.org> wrote:
> So, am I correct in assuming that it wouldn't be extremely difficult
> to compromise a Windows box and use keys or saved sessions from WinSCP
> to gain access to my Linux box? I don't know enough about WinSCP to
> know how feasible this scenario is.

Yeah; if your friends generated a keypair and use that for
authentication, rather than user/password, all an attacker would have
to do is find the private key (probably stored on his hard disk) and
identify the username and remote host, which could simply be saved in
a configuration file for WinSCP if your remote user saved the profile
(which they probably did).

Ignoring the certs, as Mike Miller pointed out, an attacker could've
installed a keylogger and captured a password that way.

As to the errors you're getting, I can only guess that perhaps the
rootkit was loaded in memory and translated some
bit-shifting/off-by-one file or memory locations or something to
create these types of errors when viewed outside of the compromised
environment, as you are doing.

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list