
RE: [cobalt-security] URGENT Hacking



One of the things that a good program in computer science teaches you is that
a perfect debugger is a provably impossible thing.  It doesn't mean you
can't have a good debugger or that certain types of bugs can't always be
found and fixed.  However, what it does mean is that you will never have a
debugger that will catch every possible bug.  If you had some training in
computer science, the perfect debugging is equivalent to the halting problem
(can a system always tell whether or not an arbitrary program will
terminate), which is a trivial example of an unsolvable problem.

Security holes are a form of bug.  Expecting Cobalt to provide you a machine
with every possible hole plugged and solved is simply impossible.  *EVERY*
computer system requires constant vigilance, upgrades and patches.  Until
hacking is pursued like the crime it truly is, we will all have to waste an
incredible amount of resources trying to block people from illegal access to
our systems.

If you are a business person looking for the silver bullet for your
serving/hosting needs - I can actually *prove* to you that it doesn't exist
if you have a couple of weeks.

I have worked on dozens of platforms, and many different operating systems.
The Raqs are about as simple and secure as you are going to get for the
amount you pay per unit.

My point is this.  If you believe that Cobalt should replace the need for an
intelligent and well-trained system administrator, then you are mistaken.
If Cobalt made you believe this, shame on them.  If you read this into their
sales pitch, then shame on you.  Keeping systems safe and secure takes
constant research and constant work.  If you lack the training or the
experience, then you must either invest in upgrading your skills or hire
someone with the skills you need.

Chris





-----Original Message-----
From: cobalt-security-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of Mark Baker -
Cobalt Lists
Sent: Monday, September 04, 2000 3:21 PM
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-security] URGENT Hacking


Thanks Chris, but a lot of these issues we'd expect Cobalt to fix as the Raqs
are sold as the simple machine which is what we like to get, but are happy
to play with.

Obviously Cobalt never tell you about these holes until someone has a
problem with them.

It would be great if they could provide fixes for these as a lot of us don't
have time to play around with security settings etc.

Any help you can give would be appreciated.

Regards,

Mark Baker
Dark Marketing Ltd
http://www.yoursitehere.co.uk

Reply e-mail: mark@xxxxxxxxxxxxxxxxxx
----- Original Message -----
From: Chris Weiss <chris@xxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Monday, September 04, 2000 8:18 PM
Subject: RE: [cobalt-security] URGENT Hacking


> C'mon people.
>
> Expecting Cobalt to solve your security issues related to general
> configuration is a little absurd.  Much of what has been flying around shows
> how junior many of the people on this list truly are.  If this is your first
> experience with Unix/Linux - buy some books and get some training.
>
> There are many general Unix tricks for securing your machine that work on
> Raqs and are not Cobalt specific.  You should run Crack against your
> password file with multiple dictionaries, you should run TCP wrappers,
> restricting access where possible for services such as FTP, you should check
> your file permissions religiously, etc., etc.  There are things that every
> Unix sysadmin worth his or her salary should know.
>
> Go to www.sans.org or a similar site and look up security links.  You will
> be amazed how many security holes can be plugged simply by making minor
> configuration modifications.
>
> Chris Weiss
> Chief Scientist
> Database Engineering
> Pure Carbon
>
> -----Original Message-----
> From: cobalt-security-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of Mark Baker -
> Cobalt Lists
> Sent: Monday, September 04, 2000 1:32 PM
> To: cobalt-security@xxxxxxxxxxxxxxx
> Subject: Re: [cobalt-security] URGENT Hacking
>
>
> Is anyone from Cobalt Networks on the list to comment on this please??
> Is there a patch?
>
> Regards,
>
> Mark Baker
> Dark Marketing Ltd
> http://www.yoursitehere.co.uk
>
> Reply e-mail: mark@xxxxxxxxxxxxxxxxxx
>
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security