[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] RAQ3 vulnerabilities
- Subject: Re: [cobalt-security] RAQ3 vulnerabilities
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Mon, 3 Dec 2001 20:48:36 +0100
- Organization: Stauber Multimedia Design
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Nico,
> <Slightly OT>
> In a sense, this scares me (I am easily scared ;-P). Anyone with physical
> access to a RaQ[*] can boot it with a different (outdated?) kernel without
> keyboard/cable/terminal/password check. Yikes!
Someone with physical access to the server (Cobalt RaQ, E15K, Pentium box ...
doesn't matter) can do anything with it. That's an eventuality which you have
to live with when you can't guard the server yourself and have it colocation
somewhere. Preferably in the hands of a colo-center you trust. ;o)
> Do you know if this kernel includes networking support?
I'd be surprised if it hasn't. The hacked site (see begining of this topic)
seems to online even with the ROM kernel, so it must have network support.
--
With best regards
Michael Stauber
SOLARSPEED.NET