[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] Am I missing something here

Subject: [cobalt-security] Am I missing something here
From: Steve Mansfield <slm@xxxxxxxxxxxxx>
Date: Wed, 13 Mar 2002 18:10:28 +0000
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Over the last 2 weeks we have had 6 Cobalts on our network HACKED!!! Onewas even hacked then taken down to be reloaded on a saturday afternoonand by the saturday night had been done again. They have been a mixtureof raq3 & 4's which have all been fully patched to the hilt and with afew other security features added to the backend. WHAT'S GOING ON WITHTHESE THINGS!!

Behind a firewall they are fairly safe ( but getting them to work in thefirst place is a nightmare ), but without that security they are aboutas safe as a drunk with a box of matches. A brand spanking new raq4 wenton to the network yesterday and by this morning it was about as usefulas a chocolate teapot. Someone had got root access, taken off the latestpatches and put his own version of SSH on the box. I am fully aware of astint last year when even a cobalt engineer told me that there had beena spate of hacks that they didn't know how to fix!!!!

Not that i expect too much of an answer from this email, but if there isa group of people that should know about these issues it's the mailinglist and COBALT themselves. Does anybody at Cobalt ( sorry, i should saySUN ) actually care!!!



--
Regards

Steve Mansfield
Technical Manager
slm@xxxxxxxxxxxxx
www.getreal.co.uk

Real Data Services Ltd 117-119 Marlborough Road Romford Essex RM7 8AP

[Office] +44 [0] 1708 704433 [Fax] +44 [0] 1708 748859 [Mobile] +44 [0]7973 864677

www.be-an-isp.comwww.isdn4free.co.uk http://signup.getreal.co.uk



****************************************************************************************

The information contained in this E-mail is confidential and solelyfor the intendedaddressee(s). Unauthorised reproduction, disclosure, modification,and/or distributionof this email may be unlawful. If you have received this email inerror, please notify

 the sender immediately and delete it from your system.

Real Data Services does not accept legal responsibility for thecontents of this messageif it has reached you via the Internet, as Internet communications arenot secure.Any opinions expressed are those of the author and are not necessarilyendorsed by the

 Real Data Services.

Recipients are advised to apply their own virus checks to this messageon delivery.



****************************************************************************************

Follow-Ups:
- Re: [cobalt-security] Am I missing something here
  - From: Jeff Lasman
- Re: [cobalt-security] Am I missing something here
  - From: Brett Wright
- Re: [cobalt-security] Am I missing something here
  - From: Gerald Waugh
- Re: [cobalt-security] Am I missing something here
  - From: David Lucas
- Re: [cobalt-security] Am I missing something here
  - From: Steve Werby

Prev by Date: RE: [cobalt-security] Double Free Bug in ZLIB Compression Library
Next by Date: Re: [cobalt-security] Approved AFXR
Previous by thread: Re: [cobalt-security] New Vulnerability - zlib - Red Hat is vulnerable
Next by thread: Re: [cobalt-security] Am I missing something here

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index