[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] Am I missing something here
- Subject: [cobalt-security] Am I missing something here
- From: Steve Mansfield <slm@xxxxxxxxxxxxx>
- Date: Wed, 13 Mar 2002 18:10:28 +0000
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Over the last 2 weeks we have had 6 Cobalts on our network HACKED!!! One
was even hacked then taken down to be reloaded on a saturday afternoon
and by the saturday night had been done again. They have been a mixture
of raq3 & 4's which have all been fully patched to the hilt and with a
few other security features added to the backend. WHAT'S GOING ON WITH
THESE THINGS!!
Behind a firewall they are fairly safe ( but getting them to work in the
first place is a nightmare ), but without that security they are about
as safe as a drunk with a box of matches. A brand spanking new raq4 went
on to the network yesterday and by this morning it was about as useful
as a chocolate teapot. Someone had got root access, taken off the latest
patches and put his own version of SSH on the box. I am fully aware of a
stint last year when even a cobalt engineer told me that there had been
a spate of hacks that they didn't know how to fix!!!!
Not that i expect too much of an answer from this email, but if there is
a group of people that should know about these issues it's the mailing
list and COBALT themselves. Does anybody at Cobalt ( sorry, i should say
SUN ) actually care!!!
--
Regards
Steve Mansfield
Technical Manager
slm@xxxxxxxxxxxxx
www.getreal.co.uk
Real Data Services Ltd 117-119 Marlborough Road Romford Essex RM7 8AP
[Office] +44 [0] 1708 704433 [Fax] +44 [0] 1708 748859 [Mobile] +44 [0]
7973 864677
www.be-an-isp.com
www.isdn4free.co.uk http://signup.getreal.co.uk
****************************************************************************************
The information contained in this E-mail is confidential and solely
for the intended
addressee(s). Unauthorised reproduction, disclosure, modification,
and/or distribution
of this email may be unlawful. If you have received this email in
error, please notify
the sender immediately and delete it from your system.
Real Data Services does not accept legal responsibility for the
contents of this message
if it has reached you via the Internet, as Internet communications are
not secure.
Any opinions expressed are those of the author and are not necessarily
endorsed by the
Real Data Services.
Recipients are advised to apply their own virus checks to this message
on delivery.
****************************************************************************************