[cobalt-security] [Raq3i] interesting hack symptoms >> reply to Michael

[Theodore Jones <theoj@xxxxxxxxxxxxx>]

Michael,

While I appreciate your alarm, have you >read< any of the compaints and problems
people have had with the OS3 "update" that came out a while ago in the regular
list group for users?   I simply cannot afford down time because of Cobalt's
faulty release of patches.   Since it's working now, and most of the exploits
I've heard about are of the nature of someone having to >allready< have an
account on this system, and I don't allow shells except to >very< trusted
individuals, I feel pretty safe right now.

Perhaps you can name any of the weakness revealed in the last three or four
months that a complete outsider to the system (without an account, or email...)
could use against me?  I stand respectfully ready to be convinced....

~ Theo



Michael Aronoff wrote:

> >----- Original Message -----
> >       Does that patch require the installation require the update of
> OS3?.... I
> >haven't done that one yet because of all the horrors I heard about from
> other
> >users on the regular cobalt list....
>
> Look, I agree that you need to be careful about Cobalt patches, BUT you are
> running an ever greater security risk by not installing them!!!  They often
> fix known security exploits and other problems.  The best thing to do is
> subscribe to cobalt-users and cobalt-developers and read them!!  People on
> these lists will talk about weather a patch causes problems , things to look
> out for and so on.  I always wait about a week after a patch is released
> before I install it.  That way I am being prudent but still secure.
>
> Just my 2cents.
>
> Michael Aronoff Out
> Calabasas, CA
> ma@xxxxxxxx
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security