Re: [cobalt-security] [Raq3i] interesting hack symptoms >> reply to Michael
- Subject: Re: [cobalt-security] [Raq3i] interesting hack symptoms >> reply to Michael
- From: "Michael Aronoff" <ma@xxxxxxxx>
- Date: Sun, 5 Nov 2000 13:19:57 -0800
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Theo wrote:
>While I appreciate your alarm, have you >read< any of the complaints and problems
>people have had with the OS3 "update" that came out a while ago in the regular
>list group for users? I simply cannot afford down time because of Cobalt's
>faulty release of patches. Since it's working now, and most of the exploits
>I've heard about are of the nature of someone having to >already< have an
>account on this system, and I don't allow shells except to >very< trusted
>individuals, I feel pretty safe right now.
>
>Perhaps you can name any of the weaknesses revealed in the last three or four
>months that a complete outsider to the system (without an account, or email...)
>could use against me? I stand respectfully ready to be convinced....
>
>~ Theo
As I understood it, the Qpopper exploit could be used by almost anyone, as
well as a ProFTP exploit on a box with anon ftp on. But even if that is not
the case, it does not change my point. And keep in mind I am not posting
this to just one person or their one specific situation; I post to a public
list so that many users gain knowledge from our discussions.

In MOST situations, even where you say you >trust< every user, that is a
fluid situation at best. A most trusted employee that leaves a company can
become an evil hacker. I simply feel that not installing Cobalt patches can
be very dangerous. I did read all the horrors that the first OS3 caused. I
waited for the second version, and after people started saying it was OK I
installed it.

Now some have even said that my idea of waiting a few days to a week before
installing them is too risky. They are correct! However, I only own 1 Raq
and it is a production server, so I can't test things myself first, so I
wait for others on the list to say it looks safe and then I install. Not
perfect, but better than not installing the patches at all.
Michael Aronoff Out
Calabasas, CA
ma@xxxxxxxx