Re: [cobalt-security] cobalt kb - resetting root/admin password
- Subject: Re: [cobalt-security] cobalt kb - resetting root/admin password
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Tue, 28 Aug 2001 21:24:21 +0200
- Organization: Stauber Multimedia Design
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Sean,
> to me, this doesn't seem like the best answer to put in the knowledge.
> does it concern anyone else as much as it does me? especially those of
> you that are running remote servers. i'm going to have several remote
> qubes running that shouldn't be mucked around with. if it's this easy to
> get into the box...
Anyone (capitalize this and put it in bright red colors) who has direct
physical access to any server is a dire security risk. For the Cobalts, all
you need is a paper clip. For other servers you just need to grab the
keyboard, reboot them and do some arcane wizardry which you can look up in a
good Linux book.
That's why server rooms are usually guarded, video monitored and under tight
access control. Only in very rare cases (call that a shabby business and one
to avoid <g>) they're put in public places like the lobby. Even though a Cray
might be best placed there to impress visitors and competitors. ;o)
But back to the issue: If my colocation ISP (or anyone else for that matter)
reboots my machine, or performs a login as admin or root, then I'll know
within a few minutes (internal and external monitoring is in place). Unless
they have some very good reasons, they then have one customer less, which
they know.
--
With best regards,
Michael Stauber
SOLARSPEED.NET