Yes, a can of worms... But general direction would be nice...

Corey Edwards tensai at
Wed Jul 15 09:32:23 MDT 2009

Hash: SHA1

Gabriel Gunderson wrote:
> On Tue, Jul 14, 2009 at 7:49 PM, Scott Morris<scottmorris at> wrote:
>> When you have been hacked:
> I don't mean to be a downer, but I've got bad news... The only thing
> to do if you've already *been hacked* is re-install and rebuild from
> trusted sources.  Really, they've out smarted you once, are you going
> to give them another chance?
> Well, I guess if you had md5/sha1 sums (that you can trust) of every
> file on your system and you're willing to go file-by-file and verify
> them when mounted on a trusted system (*not* the one that was hacked),
> then, maybe, you could sleep again at night knowing all is well.

Even then, you have to be confident that the md5 sums you have are from
*before* the hack. What if they broke in long before realized it and you
have no reliable backups? I wholeheartedly concur with your sentiment
that once they've broken in, nothing can be trusted.

That said, it's not always practical to re-install. I had a box broken
into and it was hundreds of miles away in an unmanned facility. The box
wasn't doing a whole lot besides running a temperature monitor so
justifying the cost of a trip and the time to do the re-install was
difficult. Out of necessity I had to piece the system back together
remotely and bide my time until I could make the trip. Sometimes life
sucks like that.


Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla -


More information about the PLUG mailing list