
[cobalt-security] I tried..



Well,
    2 months ago I alerted Cobalt Networks to a hack that was out there that
worked on ALL cobalt systems. It is currently an underground hack that is
VERY hard to get. I saw it in action, it was used to hack my Raq2. I called
Cobalt and I actually talked to a live person, told them where to get the
hack (at that time) and they said they would take care of it. I called back
the following week and Cobalt said it was not a threat. I have seen this in
action, I have tried it on another Raq2 and it worked on that. This hack is
not publicly known yet which makes it dangerous. I tried to tell Cobalt but
they will not listen.

 All the user needs to do is to put this one, little file on the Raq, either
by FTP or some other means, then execute it through the web. Instantly they
have an account named 2el33t (or something like that). This shows up in no
logs and is undetectable as far as I know. I looked through all of our logs
and found no trace of it. Once this program was run, that user had ROOT
access, the rest you can figure out on your own.

 The way I found this was that one of our employees thought he was ELITE and
ran it from his house. Then he created all of these accounts and came to
work the next day and told us about it.

 My point for all of this is, if things on your system are acting kind of
funny, check your /etc/passwd file to make sure everything in there is
legit. I am not sure when this will hit the public but I thought I would
let everyone on this list know.

 I tried to get Cobalt to listen, but they will not.

 That's all I know about this for now.
 The hack is 2 months old and is VERY hard to find and I have no clue how it
works, it just does, I know, I was hacked by it.

 Needless to say, I take security very seriously and this will be the LAST
time I will buy a Cobalt product until they can show some concern on
security issues brought up to them.

 That's all I have for now.
 Thanks

 Tom
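
The /etc/passwd check suggested in the message above, as an added example that is not part of the original post: it compares passwd entries against a list of accounts known to be legitimate and flags extra names, non-root UID 0 entries, shared UIDs and malformed lines, which does not depend on any log. The sample data, the baseline set and the UID 0 on the sample rogue entry are constructed assumptions.

```python
# Added example: audit passwd(5) data against a known-good account list.
from collections import defaultdict

# Constructed sample, not taken from a real system. The rogue entry reuses
# the account name from the message; its UID 0 is an assumption.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
httpd:x:15:15:httpd:/home/httpd:/bin/false
admin:x:100:100:Site admin:/home/admin:/bin/bash
2el33t:x:0:0::/tmp:/bin/sh
broken line without fields
"""
BASELINE = {"root", "bin", "httpd", "admin"}  # assumed known-good accounts


def audit_passwd(text, baseline):
    """Return (line_number, finding, detail) tuples for suspicious entries."""
    findings = []
    by_uid = defaultdict(list)
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        # A valid entry is name:passwd:uid:gid:gecos:home:shell
        if len(fields) != 7 or not fields[2].isdigit():
            findings.append((lineno, "malformed", line))
            continue
        name, passwd, uid = fields[0], fields[1], int(fields[2])
        by_uid[uid].append(name)
        if name not in baseline:
            findings.append((lineno, "not-in-baseline", name))
        if uid == 0 and name != "root":
            findings.append((lineno, "uid0-not-root", name))
        if passwd == "":
            findings.append((lineno, "empty-password-field", name))
    # Two names on one UID share the same privileges; line number 0 marks
    # a finding that spans several lines.
    for uid, names in sorted(by_uid.items()):
        if len(names) > 1:
            findings.append((0, "shared-uid", f"{uid}:" + ",".join(names)))
    return findings


if __name__ == "__main__":
    for finding in audit_passwd(SAMPLE_PASSWD, BASELINE):
        print(finding)
```

To audit a live system, pass the contents of /etc/passwd and a baseline set recorded while the machine was known to be clean.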