
Re: [cobalt-security] RaQ1 hacked



>Regarding the sniffing....

>I'm not a Linux guru, but I think he should also use SSL for the admin
interface... In fact, the admin password for shell access and webadmin are
the same... and if the hacker is sniffing port 80 then he will be able to
manage his access.... through Telnet and even SSH...

>My gut instinct on this is that there is a sniffer somewhere between him
and his server -- your advice to him to use SSH instead of telnet would
solve that problem. He should also check his computer for worms/viruses, and
check all of his other servers for interfaces running in promiscuous mode.
He should also get in touch with his ISP and have them look for sniffers.

<Big Big html Big Snip>

My gut feeling is he should also be checking his local computer for
problems... and that he might have been reinstalling old passwords from the
"hacked file"

Those RaQ1 to RaQ2 updates don't always go the smoothest either....

Zeffie
http://www.zeffie.com/