Apache dynamic module infected

Clint Savage herlo1 at gmail.com
Tue Jan 22 22:02:46 MST 2008


> The bigger question is why admins are reinstalling with the same logon
> credentials if they think that's how they got in to begin with.

Centralized authentication could be one reason.  I'd see that being a
problem,  but its truly sad that admins don't have more concern for
their passwords.

In fact, at this point I'd suggest implementing Mandatory Access
Control (MAC) as in SELinux or AppArmor which would indeed prevent
this attack at least from the description I read above.

If you have a hard time understanding what SELinux can do, think of it
as a rule based system that only allows applications to access files
they are *supposed* to access.

Cheers,

Clint



More information about the PLUG mailing list