Ah, well then. Feel free to email my boss and tell him he's being too paranoid and to take down the ssh whitelist. It's not just one shop that's taking precautions with ssh.
Just because a system shouldn't be vulnerable doesn't mean it hasn't been exploited. When you have a hack like this that potentially exposed so much data for so long undetectably, you really cannot pretend that any subsystem is safe. After all, the data could then be used to take advantage of other privilege escalation bugs.
Bruce Schneier Wrote:
Basically, an attacker can grab 64K of memory from a server. The
attack leaves no trace, and can be done multiple times to grab a
different random 64K of memory. This means that anything in memory --
SSL private keys, user keys, anything -- is vulnerable. And you have to
assume that it is all compromised. All of it.
"Catastrophic" is the right word. On the scale of 1 to 10, this is an 11.

In other words, freaking out is the correct behavior here.
In other news, 23 hours of downtime. Downtime is frowntime

-- ∇×V