[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AW: [cobalt-security] Unofficial PHP 4.1.2 PKG available

Subject: Re: AW: [cobalt-security] Unofficial PHP 4.1.2 PKG available
From: Render-Vue <sales@xxxxxxxxxxxxxx>
Date: Tue, 05 Mar 2002 17:38:09 +1300
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

My 2 cents worth...

Michael may have been the first one to report the spyware on the newsgroup,but the developer Andres was already confronted about it after we installedthe pkg on Sunday New Zealand time.

The way we found out about it was by simply checking our logs after it wasinstalled, we noticed in the mail logs that an email went out to Andres andCobaltnet via root.

Andres was immediately contacted by us and asked to explain his actions...

So how many people have been checking their logs regularly then? Speakabout security :)

Andres explination was as you see here - he was following the guide lineslaid down for creating pkg's.

I thanked Andres for explaining this and have also requested that I see acopy of the email that was automatically sent out.

Now before I even had time to get on to the newsgroup the "witch hunt" hadstarted.

I think everyone should lay off the man, he's provided a package that wasnon-exsistant for us RaQ3 users, he's explained his actions and has sinceremoved the "required" registration email routine.



Regards

Chae

Follow-Ups:
- Re: AW: [cobalt-security] Unofficial PHP 4.1.2 PKG available
  - From: MikeM

Prev by Date: Re: [cobalt-security] Know your PKGs [was: Unofficial PHP 4.1.2 PKG available]
Next by Date: Re: [cobalt-security] pro's and cons of not letting GUI change ro ot password
Previous by thread: Re: AW: [cobalt-security] Unofficial PHP 4.1.2 PKG available
Next by thread: Re: AW: [cobalt-security] Unofficial PHP 4.1.2 PKG available

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index