Entry 14119 (Berkeley CSUA MOTD)

Berkeley CSUA MOTD:Entry 14119

WIKI \| FAQ \| Tech FAQ
`http://csua.com/feed/`

2025/05/24 [General] UID:1000 Activity:popular

5/24

1998/5/21 [Computer/SW/Security] UID:14119 Activity:very high

5/10    How does the root know what the sniffer logged??!?!?
 Hi.  You are receiving this automated note because of a breakin to one
 of our machines.  The intruder installed a sniffer and began logging
 passwords.

 Your password appeared in those logs.

 Therefore, you should change your password immediately.  (If you use
                                                        \_ and use SSH
 the same password on several machines, don't forget to change it on all
 of them!)
        \_ Because the sniffer logged to disk and root can read the disk.
                DUH!
        \_ Because the sniffer E-mailed the passwords to somebody else, and
           root happened to run across the list one day when they were
           reading everybody's E-mail looking for interesting stuff, silly.
        \_ Because you logged in during the period of time the sniffer was
           active.  It's a good guess that your password was sniffed during
           that time.
        \_ "Appeared in" --> "we have a copy of, and we read".  Not telepathy.
        \_ so why the love affair with ssh? besides telnet,
           aren't the pop3 and ftp ports also vulnerable?
                \_ that's like asking "why the love affair with helmets?
                   aren't other body parts still vulnerable?" - protecting
                   the most important/used parts is better than going
                   completely unprotected
           \_ Yes, of course.  That's why SSH supports port redirection, so
              that you can securely use unencrypted services.  See the man
              page for ssh, options "-L" and "-R".  SSH is more than just a
              telnet replacement...
           \_ Don't use pop3 and use scp where you'd use ftp (although ssh
              can encrypt ftp's authentication). --dim
                \_ Huh?
                   \_ What's so hard about "don't use pop" or "use scp instead
                        of ftp"?
        \_ It's super cool sysadmin magic.
        \_ cuz root *is* the sniffer!
          \_ no, root is the Kwisatz Haderach.

ERROR, url_link recursive (eces.Colorado.EDU/secure/mindterm2) 2025/05/24 [General] UID:1000 Activity:popular

5/24

You may also be interested in these entries...

2012/8/26-11/7 [Computer/SW/Security] UID:54465 Activity:nil

8/26    Poll: how many of you pub/priv key users: 1) use private keys that
        are not password protected 2) password protect your private keys
        but don't use ssh-agent 3) use ssh-agent:
        1) .
        2) ..
        3) ...
	...

2012/8/29-11/7 [Computer/SW/Security] UID:54467 Activity:nil

8/29    There was once a CSUA web page which runs an SSH client for logging
        on to soda.  Does that page still exist?  Can someone remind me of the
        URL please?  Thx.
        \_ what do you mean? instruction on how to ssh into soda?
           \_ No I think he means the ssh applet, which, iirc, was an applet
              that implemented an ssh v1 client.  I think this page went away
	...

2012/9/20-11/7 [Computer/SW/Unix, Finance/Investment] UID:54482 Activity:nil

9/20    How do I change my shell? chsh says "Cannot change ID to root."
        \_ /usr/bin/chsh does not have the SUID permission set. Without
           being set, it does not successfully change a user's shell.
           Typical newbie sys admin (on soda)
           \_ Actually, it does: -rwsr-xr-x 1 root root 37552 Feb 15  2011 /usr/bin/chsh
	...

2012/7/13-8/19 [Computer/SW/Security, Computer/Companies/Yahoo] UID:54436 Activity:nil

7/13    Why would Yahoo store passwords unencrypted?  I recall that even 20+
        years ago the passwords stored in /etc/passwd on instructional
        machines here at Cal were one-way encrypted.  (I think those were
        Ultrix machines.)
        \_ Doesn't this say anything already?
           http://finance.yahoo.com/echarts?s=YHOO+Interactive#symbol=yhoo;range=5y
	...

2012/5/8-6/4 [Computer/SW/Unix] UID:54383 Activity:nil

5/8     Hello everyone!  This is Josh Hawn, CSUA Tech VP for Spring 2012.
        About 2 weeks ago, someone brought to my attention that our script
        to periodically merge /etc/motd.public into /etc/motd wasn't
        running.  When I looked into it, the cron daemon was running, but
        there hadn't been any root activity in the log since April 7th.  I
        looked into it for a while, but got lost in other things I was
	...

2012/2/9-3/26 [Computer/SW/Security, Computer/SW/Unix] UID:54305 Activity:nil

2/9     Reminder: support for mail services has been deprecated for *several
        years*. Mail forwarding, specifically .forward mail forwarding, is
        officially supported and was never deprecated.
        \_ There is no .forward under ~root.  How do we mail root and how do
           we get responses?
           \_ root@csua.berkeley.edu is and always has been an alias.
	...

2011/9/14-12/28 [Computer/SW/Unix] UID:54172 Activity:nil

9/12    We've restored CSUA NFS to something vaguely resembling normal
        functionality -- plus, with some luck, we should now have something
        vaguely resembling normal uptime, too!  Ping root@csua.org if you
        notice any problems.  --jordan
--------------------------------------------------------------------------------
        \_  Oh, and http://irc.CSUA.Berkeley.EDU is online again.
	...

2011/6/5-8/27 [Computer/HW/Memory] UID:54127 Activity:nil

6/5     In an effort to stabilize our services, we'll be rebuilding parts of
        the CSUA infrastructure over the course of this summer.  To give us
        some wiggle room, I've temporarily decreased soda's allocated RAM from
        8GB to 2GB.  If you need to run something that requires large amounts
        of memory, please send mail to root@csua.org and we'll try to
        accommodate your request.  --jordan
	...

2011/4/27-7/30 [Computer/SW/Security, Computer/SW/Unix] UID:54096 Activity:nil

4/28    Will wall be fixed?   - jsl
        \_ What's wall?
           \_ An anachronism from a bygone era, when computers were hard to
              comeby, the dorms didn't have net, there was no airbears, and
              when phones didn't come standard with twitter or sms.
           \_ A non useful implementation of twitter.
	...

2011/5/19-7/30 [Computer/SW/Security] UID:54110 Activity:nil

5/19    Uh, is anyone still using this? Please mark here if you post and
        haven't added this yet. I'll start:
        \_ person k
        \_ ausman, I check in about once a week.
        \_ erikred, twice a week or so.
        \_ mehlhaff, I login when I actually own my home directory instead of
	...