On Mon, 22 Nov 2004 22:17:40 -0600, Ryan O'Rourke <tclug at ryanorourke.org> wrote:
> So, am I correct in assuming that it wouldn't be extremely difficult
> to compromise a Windows box and use keys or saved sessions from WinSCP
> to gain access to my Linux box? I don't know enough about WinSCP to
> know how feasible this scenario is.

Yeah; if your friends generated a keypair and use that for authentication, rather than user/password, all an attacker would have to do is find the private key (probably stored on his hard disk) and identify the username and remote host, which could simply be saved in a configuration file for WinSCP if your remote user saved the profile (which they probably did).

Ignoring the certs, as Mike Miller pointed out, an attacker could've installed a keylogger and captured a password that way.

As to the errors you're getting, I can only guess that perhaps the rootkit was loaded in memory and translated some bit-shifting/off-by-one file or memory locations or something to create these types of errors when viewed outside of the compromised environment, as you are doing.

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list
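The reply's point is that a private key lying on a client's disk is only as safe as that machine. As an added example (not part of the original thread), here is a check a user or admin could run over key files to see whether each is passphrase-protected at rest; the function names are hypothetical and the sample keys are constructed header-only fragments with no key material.

```python
import base64
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"

def key_is_encrypted(text: str) -> bool:
    """Return True if a private key file's contents are passphrase-protected."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    head = lines[0] if lines else ""
    # PuTTY .ppk, the format WinSCP loads: plain-text "Encryption:" header.
    if head.startswith("PuTTY-User-Key-File-"):
        for ln in lines:
            if ln.startswith("Encryption:"):
                return ln.split(":", 1)[1].strip() != "none"
        raise ValueError("PPK file has no Encryption header")
    # OpenSSH native format: the cipher name is the first length-prefixed
    # string after the magic; "none" means the key is stored in the clear.
    if head == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(OPENSSH_MAGIC):
            raise ValueError("bad OpenSSH key magic")
        off = len(OPENSSH_MAGIC)
        (n,) = struct.unpack(">I", blob[off:off + 4])
        return blob[off + 4:off + 4 + n] != b"none"
    # PKCS#8 announces encryption in the label; legacy PEM in a Proc-Type header.
    if head == "-----BEGIN ENCRYPTED PRIVATE KEY-----":
        return True
    if head.startswith("-----BEGIN ") and head.endswith("PRIVATE KEY-----"):
        return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines)
    raise ValueError("not a recognised private key format")

def sample_openssh(cipher: bytes) -> str:
    """Constructed sample: only the header fields the check reads, no key material."""
    blob = OPENSSH_MAGIC + struct.pack(">I", len(cipher)) + cipher
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(blob).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----")

def sample_ppk(encryption: str) -> str:
    """Constructed sample PPK header (no key material)."""
    return f"PuTTY-User-Key-File-2: ssh-rsa\nEncryption: {encryption}\nComment: constructed-sample\n"

if __name__ == "__main__":
    for name, text in [("ppk none", sample_ppk("none")),
                       ("ppk aes256-cbc", sample_ppk("aes256-cbc")),
                       ("openssh none", sample_openssh(b"none")),
                       ("openssh aes256-ctr", sample_openssh(b"aes256-ctr"))]:
        print(f"{name}: {'encrypted' if key_is_encrypted(text) else 'UNPROTECTED'}")
```

A passphrase only protects the key file at rest; it does not help against the keylogger case the reply also mentions.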