The crucial element in the password thefts that provided access
at Cisco and elsewhere was the intruder's use of a corrupted
version of a standard software program, SSH. The program is
used in many computer research centers for a variety of tasks,
ranging from administration of remote computers to data transfer
over the Internet.
The intruder probed computers for vulnerabilities that allowed
the installation of the corrupted program, known as a Trojan
horse, in place of the legitimate program.
Ouch. Makes me wonder how long before someone cracks the
ssh that you can order for T-Mobile Sidekicks like mine.
("Before"? "Already!" . . . whatever) It *is* handy in a pinch,
I last used it to check a server quickly while I was sitting in the
Rockpile (center field bleachers) at a Denver Rockies game last
month It's some flavor of ssh2, guess I'll have to ask my
friend who works at Danger which one. The notion of
launching a DDOS from a cellphone is intriguing in a novelistic
sense and worrisome in a real.world sense.