
Re: [cobalt-security] RAQ3 vulnerabilities



Hi Michael,

Someone with physical access to the server (Cobalt RaQ, E15K, Pentium box ...
doesn't matter) can do anything with it. That's an eventuality which you have
to live with when you can't guard the server yourself and have it colocated
somewhere. Preferably in the hands of a colo-center you trust. ;o)

Luckily, I 'somewhat' trust my colo provider, although I am always suspicious. ;-)

I just wonder...

What good would physical access to any 'standard' (ie. no RaQ or equivalent with all kinds of nifty buttons on the front) server do without any or all of the following:

- serial cable connected to laptop/desktop
- ethernet connected to laptop/desktop
- screwdriver
- axe
- etc...

as far as "changing software specifications" on that server is concerned? With that, I mean: load a different kernel, install software (rootkits, trojans, etc.); you know the drill.

Of course, you can unplug a standard server, reboot it, shut it down and all that, but you can't make it load another kernel by just pushing a couple of buttons on the front or back of the machine, IIRC. If you can have me stand corrected, please do. I will gladly publicly announce that I then "stand corrected". :-)

What you said (or rather: my interpretation of what you said), is that *anyone* with physical access to a RaQ[*] can make it reboot and load a different kernel (ROM kernel). To me, that is scary, however small the chance may be that someone illegally can get physical access to my RaQ.

I'd be surprised if it hasn't. The hacked site (see beginning of this topic)
seems to be online even with the ROM kernel, so it must have network support.

It probably has. I wonder if this ROM kernel is updateable, like a BIOS.

Thanks... Nico