[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Beyond me... RaQ Security Consultant needed

Subject: Re: [cobalt-security] Beyond me... RaQ Security Consultant needed
From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
Date: Mon, 11 Feb 2002 21:19:13 -0800
Organization: nobaloney.net
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

John Adair wrote:

> What do you mean by "hacking" your customer's RaQ? By hack do you mean the
> individual obtained a certain UID and defaced your customer's web-site or
> something else?

Something else.  Already described under subject: "WEIRD".

> I would hire a small security consulting company

Which is exactly what I was hoping to find (and have found) through this
list <smile>.

> or find
> someone within your company that you can trust to do an audit of this RaQ.

I trust everyone within my company <smile>.  But I stay paranoid anyway
<smile, again>.

> Make sure the company isn't going to use automated tools and that they check
> the local fs(s) on that RaQ for potential security problems.

I know.  We don't have time for that kind of a check in real time right
now, but we'll have the drive examined after the next rebuild to a
very-hardened RaQ.

Jeff
-- 
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net
P. O. Box 52672, Riverside, CA  92517
voice: (909) 778-9980  *  fax: (702) 548-9484

References:
- RE: [cobalt-security] Beyond me... RaQ Security Consultant needed
  - From: John Adair

Prev by Date: Re: [cobalt-security] Beyond me... RaQ Security Consultant needed
Next by Date: Re: [cobalt-security] Apache running as root . . . .
Previous by thread: RE: [cobalt-security] Beyond me... RaQ Security Consultant needed
Next by thread: [cobalt-security] One weird HaQ... have you seen this..

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index