[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Hacked RaQ4 - findings
- Subject: Re: [cobalt-security] Hacked RaQ4 - findings
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Wed, 18 Apr 2001 23:18:25 +0200
- Organization: Forumworld.com
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Bill,
> Paranoia is good in this case =)
Sure thing. ;o)
> Its a good idea to download all the patches for the machine you are
> restoring, then hook it up to the client PC with a crossover cable so
> those two machines are connected only to one another. Then restore and
> update the server. Add any other protection you feel is necessary and
> then put it back on the network.
Well, sounds all good and fine and if I had physical access to the RaQ I'd
certainly follow this approach. However, it's in colocation on the other side
of the Atlantic. I'll leave that matter between tech-support of the ISP and
the customer. I'm just the outside contractor they asked for help. ;o)
> BTW, CGI is a really bad area for exploits. Misconfigured CGI scripts
> can cause the worst problems for server admins.
I know, as PERL is one of my native tongues. ;o) However, the CGI-wrapper on
the cobalt boxes does a good job and with proper configuration you can get
this danger under good control. Perlscripts will always be executed with the
rights of the person who started it (or who owns it), so there should be
little danger from that end.
Mit freundlichen Grüßen / Best regards
Michael Stauber