[Ilugc] Hacking a user's password in Unix
- From: binand@xxxxxxxxx (Binand Sethumadhavan)
- Date: Mon Apr 11 22:03:47 2005
On Apr 11, 2005 5:58 AM, Chandrashekar Babu <lug@xxxxxxxxxxxxxxxxxx> wrote:
Can't believe me ? Try 'strings /proc/kcore | grep your-password' at the
terminal once you've logged into your linux system. Try opening your
email account in a web browser and try the same command from the
terminal again with your email password instead. Surprised ? ;-)
If you are root, there are probably a thousand ways of figuring out
what the user is typing. This is just one of them. There is no point
in getting worried about this - this is not unique to Linux - a
competent sysadmin on Windows or elsewhere too can do this.
This scares me on how a "malicious" sysadmin (with root access) can
overrule any user in a multi-user environment and cause identity theft
without the knowledge of the victim user.
Call it superuser access - root access sort of makes it a Unix-only
problem. The only way out is to be your own sysadmin if you do not
trust your sysadmin.
One of the better ways of getting SSL-enabled website traffic logged
is (typically in an office environment):
1. Roll out workstations with your own root CA.
2. Setup a (transparent) proxy server, which generates on the fly SSL
certificates for any https URL signed with the above CA.
3. Log everything. The user is not prompted about the certificate
since the browser can see that the certificate is issued by a trusted
CA. The user cannot detect that his password/credit card number/bank
account details are being logged elsewhere unless he looks at the
certificate chain - how many of us do this?
Binand
Other related posts:
