Re: [cobalt-security] [Raq3i] interesting hack symptoms >> reply to Michael

["Michael Aronoff" <ma@xxxxxxxx>]

Theo Wrote:
>While I appreciate your alarm, have you >read< any of the complaints and
problems
>people have had with the OS3 "update" that came out a while ago in the
regular
>list group for users?   I simply cannot afford down time because of
Cobalt's
>faulty release of patches.   Since it's working now, and most of the
exploits
>I've heard about are of the nature of someone having to >allready< have an
>account on this system, and I don't allow shells except to >very< trusted
>individuals, I feel pretty safe right now.
>
>Perhaps you can name any of the weakness revealed in the last three or four
>months that a complete outsider to the system (without an account, or
email...)
>could use against me?  I stand respectfully ready to be convinced....
>
>~ Theo

As I understood it the Qpopper exploit could be used by almost anyone as
well as a ProFTP exploit on a box with anon ftp on.  But even if that is not
the case it does not change my point.  And keep in mind I am not posting
this to just one person or their one specific situation, I post to a public
list so that many users gain knowledge from our discussions.

In MOST situations , even where you say you >trust< every user, that is a
fluid situation at best.  A most trusted employee that leaves a company can
become an evil hacker.  I simply feel that not installing cobalt patches can
be very dangerous.   I did read all the horrors that the first OS3 caused, I
waited for the second version and after people started saying it was OK I
installed it.
Now some have even said that my idea of waiting a few days to a week before
installing them is too risky.  They are correct!  However I only own 1 Raq
and it is a production server so I can't test things my self first, so I
wait for others on the list to say it looks safe and then I install not
perfect but better than not installing the patches at all.

Michael Aronoff Out
Calabasas, CA
ma@xxxxxxxx