> The bigger question is why admins are reinstalling with the same logon
> credentials if they think that's how they got in to begin with.

Centralized authentication could be one reason. I'd see that being a problem, but it's truly sad that admins don't have more concern for their passwords.

In fact, at this point I'd suggest implementing Mandatory Access Control (MAC) as in SELinux or AppArmor, which would indeed prevent this attack, at least from the description I read above. If you have a hard time understanding what SELinux can do, think of it as a rule-based system that only allows applications to access files they are *supposed* to access.

Cheers,
Clint
