Hacker News
by ddbb 6169 days ago
Who says it was a 0-day attack? Looking at the output, it seems they brute-forced the password of user adam...

So yes, even the pros can sometimes make mistakes.

1 comment

They made it appear that the exploit somehow was able to determine that a user-level account with the name of adam existed. SSH shouldn't do this.

Then they made it appear that they were able to log in as adam, and the logs don't make it look like a brute force.

Then they made it appear that somehow privileges were elevated from adam to root, but did not provide any supposed log of how this was done.

Well, the posted log could be a complete fabrication. It certainly doesn't contain anything useful and may in fact be deliberately misleading.

I'm hoping that Thomas and the rest of the crew do perform an intensive and public analysis of the exploit. It wouldn't surprise me if the break was in WordPress or one of the other application-level programs.