
Re: [cobalt-security] RAQ3 vulnerabilities



Nico Meijer wrote:

> What good would physical access to any 'standard' (ie. no RaQ or equivalent
> with all kinds of nifty buttons on the front) server do without any or all
> of the following:
> 
> - serial cable connected to laptop/desktop
> - ethernet connected to laptop/desktop
> - screwdriver
> - axe
> - etc...
> as far as "changing software specifications" on that server is concerned?
> With that, I mean: load a different kernel, install software (rootkits,
> trojans, etc.); you know the drill.

Put in a floppy.  Reboot from the floppy.  The floppy has a kernel that
sends the system out to the 'net to upload rootkits, trojans, etc.

Actually not hard at all for a "standard" system with a floppy drive.

> *anyone* with physical access to a RaQ[*] can make it reboot and load a
> different kernel (ROM kernel).

Easy.  You can do it from the front panel.  How do you think the CD-ROM
restore works?

> To me, that is scary, however small the
> chance may be that someone illegally can get physical access to my RaQ.

Many hosting companies, especially the inexpensive ones, just have open
RaQs of machines.

A few months ago I was hired by a company to do a system rebuild, and
the VP had to accompany me to their colo.  Even though the colo company
had never seen him (they had seen me) before, they let us both in to
their server room (without making any authorization calls to see if
indeed I had authority to access the box that day, or if that guy even
was the VP), closed the solid door (no windows) to keep the
air conditioning in, and we had access to every system in there for over
an hour.

The VP had the system moved to another colocation center post haste.

When we colocate systems we put them all into one locked cabinet (locked
front and back by the way; always check the back).  However, if you come
in to work on your system colocated with us you do have access to all
the systems in the same cabinet <frown>.  The only way to do that is to
rent an entire cabinet, and now you're talking big money.

Jeff
-- 
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net
P. O. Box 52672, Riverside, CA  92517
voice: (909) 778-9980  *  fax: (702) 548-9484