Re: [cobalt-security] RAQ3 vulnerabilities
- Subject: Re: [cobalt-security] RAQ3 vulnerabilities
- From: Nico Meijer <nico.meijer@xxxxxxxxx>
- Date: Tue, 04 Dec 2001 11:10:01 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Michael,
Someone with physical access to the server (Cobalt RaQ, E15K, Pentium box ...
doesn't matter) can do anything with it. That's an eventuality which you have
to live with when you can't guard the server yourself and have it colocated
somewhere. Preferably in the hands of a colo-center you trust. ;o)
Luckily, I 'somewhat' trust my colo provider, although I am always
suspicious. ;-)
I just wonder...
What good would physical access to any 'standard' (i.e. no RaQ or equivalent
with all kinds of nifty buttons on the front) server do without any or all
of the following:
- serial cable connected to laptop/desktop
- ethernet connected to laptop/desktop
- screwdriver
- axe
- etc...
as far as "changing software specifications" on that server is concerned?
With that, I mean: load a different kernel, install software (rootkits,
trojans, etc.); you know the drill.
Of course, you can unplug a standard server, reboot it, shut it down and
all that, but you can't make it load another kernel by just pushing a
couple of buttons on the front or back of the machine, IIRC. If you can
have me stand corrected, please do. I will gladly publicly announce that I
then "stand corrected". :-)
What you said (or rather: my interpretation of what you said), is that
*anyone* with physical access to a RaQ[*] can make it reboot and load a
different kernel (ROM kernel). To me, that is scary, however small the
chance may be that someone illegally can get physical access to my RaQ.
I'd be surprised if it hasn't. The hacked site (see beginning of this topic)
seems to be online even with the ROM kernel, so it must have network support.
It probably has. I wonder if this ROM kernel is updateable, like a BIOS.
Thanks... Nico