Picking up his earlier first-person account of a Leopard Server root exploit, Tom Yager begins by stating that, “I did slam the door on the ClamAV exploiter, and close observation for a couple of weeks allayed my concerns that any lasting hole had been blown in my OS X Leopard Server’s security.”

Yager was happy with himself. But then came May, thus far an unkind month. Indeed, one night he walked by his server rack and noticed the CPU activity lights were pegged when they should have been idle. “It was at this point that I knew I was under attack. It’s at this point that a sensible person like you would pull his WAN cable. But I, in addition to using Xserve as my 24/7 server, use it to unravel mysteries that might make for interesting copy, even if it means feeding my limbs to wolves in the process. I care that much.”

OS X Security: How I became a spam kingpin, went legit and turned detective.

“I’m quite sure that the initial attacker messed with my ssh server keys or my server’s default certificate. Beyond that, I still have a lot of work to do … Meanwhile, I’ll keep scratching around to look for signs that might help you in diagnosing a similar attack.”