[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] RaQ3 Hacked - Information Gathered
- Subject: RE: [cobalt-security] RaQ3 Hacked - Information Gathered
- From: "Joe" <Joe@xxxxxxxx>
- Date: Mon, 12 Mar 2001 20:27:55 -0000
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
My cobalt was also hacked last week and in a similar fashion OS & version
numbers were changed (According to genius techies at the co-location
building).
In my case, the users changed versions of most programs and then created
user accounts called Site1 Site2 Site3 etc etc.
Thanks to the quick action of my colocation providers I knew within about 5
minutes of the culprits trying to use the box to flood some other system. I
was advised to download the logs and they re-loaded the entire box from
scratch.
Admittedly I had not added two of the most recent patches before this
"hack", however I'm now subscribed to both this list and the announcement
list - the same mistake hopefully won't happen again...
Rgds
Joe
-----Original Message-----
From: cobalt-security-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of Administrator
Sent: 08 March 2001 17:05
To: 'cobalt-security@xxxxxxxxxxxxxxx'
Subject: [cobalt-security] RaQ3 Hacked - Information Gathered
Recently, my Raq3 was hacked. I was able to get back into the system with
the ROM boot method. I was able to determine that the kernel, among other
things, was modified. Additionally, the hacker left some information behind
that might be of interest to someone. My question is what do I do with the
information gathered? Is there some sort of central authority that tracks
this information? Does Sun / Cobalt want this information before I rebuild
the OS?
My apologies if I posted in the wrong list.
-Todd S.
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security