
Re: [cobalt-security] Re: Raq3 hacked (was:Support for Cobalt Products)



----- Original Message -----
From: "Theodore Jones" <theoj@xxxxxxxxxxxxx>

----8<-------[snip]----8<-------
> I think that this problem is also kind of rare, as when I first asked anyone
> about that message on this list, nobody was able to answer it at all. How has
> your email been running lately?
----8<-------[snip]----8<-------

Luckily for me, I use bigger iron for my mail servers.
I only use the raq mail server for testing.

Theo,
... so that makes two of us (maybe there are others out there).

... still, do I have to hack the swatch service myself to understand what
it does and what makes it trigger two defcon 2?
Even the dumbest way of checksumming system files and watching for
tampering would indicate to me the file that triggered the swatch service.

Sneaking into /usr/local/sbin/swatch (compiled without any sort of help) I
could see several SQL queries (probably in the cobalt postgres system db).

Could found out more. Maybe someone can...

Audric Leperdi
CIO - evolutiva srl
Via Varallo, 30 -10153 - Torino - Italy
tel +39 011 8121617 - fax. +39 011 8121614
www.evolutiva.com