
Re: [cobalt-security] Re: Raq3 hacked (was:Support for Cobalt Products)



Audric,

I had the same incident come up on my RaQ3i about a month ago.  It took some
serious persistent waiting on the techsup line to get to somebody, but when I
did I was able to get the problem corrected.  Someone at first told me that my
system had been hacked also, and that I needed to restore the whole system
probably.  I said however that I keep a pretty close eye on my log files and
security, and had detected no break-ins at all.  After getting a "level 2" tech
on the line I think, I was able to give this person telnet access into the
unit, and he was able to
":realign the postgres db that cobalt's gui runs on" or something to that
effect to clear up the alarm signal in the GUI.  To tell the truth however, my
mail has never been quite the same after I had that defcon message with no
documentation about it in the manual or on the website >>anywhere<<.  My mail
has been going down frequently or is not accepting or serving email for periods
of time or not at all.  Since I think that defcon is a military term for
high-alert or something, I was pretty uncomfortable after seeing that initial
message in the GUI System Monitor settings.  I had the same problem getting any
details on how I might have been hacked via mail with the initial tech that
told me that also.  I don't know if they are possibly being reticent to discuss
the details of how the exploit worked or what.

I think that this problem is also kind of rare, as when I first asked anyone
about that message on this list, nobody was able to answer it at all.   How has
your email been running lately?

~ Theo


Audric Leperdi wrote:

> ----- Original Message -----
> From: "Hung Huynh" <hung@xxxxxxxxxxxx>
> Sent: Wednesday, June 28, 2000 2:23 AM
> Subject: Re: Support for Cobalt Products (Was: Re: [cobalt-security] kernel
> corrupted!)
>
> > Well said. I was lucky to get to talk to a tech support guy(Jason) the first
> > time I called. He said my RAQ3i box was hacked(without giving any reasons on how
> > it was hacked), and asked me to purchase a restored CD. That was all he could
> --------8<-------------[snip]--------8<-------------
>
> In order to keep some relevance to this list (security) I have a question.
> What happened to Hung Huynh happened to me as well.
>
> Had 3 swatch_***_defcon2 alerts.
>
> Cobalt support said my RaQ was compromised and had to restore it.
> I was a little luckier because they sent me the restore-cd right away free
> of charge.
>
> I still need to know what happened?
> What has been hacked and how?
> What can I do so that it won't happen again?
>
> anyone can decrypt swatch alerts?
>
> thanks
>
> Audric Leperdi
> CIO - evolutiva srl
> Via Varallo, 30 -10153 - Torino - Italy
> tel +39 011 8121617 - fax. +39 011 8121614
> www.evolutiva.com
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security