At 18:10 13/03/02 +0000, you wrote:
Over the last 2 weeks we have had 6 Cobalts on our network HACKED!!! One was even hacked, then taken down to be reloaded on a Saturday afternoon, and by the Saturday night had been done again. They have been a mixture of RaQ3s & 4s which have all been fully patched to the hilt and with a few other security features added to the backend. WHAT'S GOING ON WITH THESE THINGS!!

Behind a firewall they are fairly safe (but getting them to work in the first place is a nightmare), but without that security they are about as safe as a drunk with a box of matches. A brand spanking new RaQ4 went on to the network yesterday and by this morning it was about as useful as a chocolate teapot. Someone had got root access, taken off the latest patches and put his own version of SSH on the box. I am fully aware of a stint last year when even a Cobalt engineer told me that there had been a spate of hacks that they didn't know how to fix!!!!

Not that I expect too much of an answer from this email, but if there is a group of people that should know about these issues it's the mailing list and COBALT themselves. Does anybody at Cobalt (sorry, I should say SUN) actually care!!!
Maybe a packet sniffer on a local network. Seems weird that the "HACKER" makes the box more exploitable by changing the version of ssh on a box he has already hacked.

That's what I'd be looking for. Maybe I'm wrong.

Regards
Brett
--
Regards
Steve Mansfield
Technical Manager
slm@xxxxxxxxxxxxx
www.getreal.co.uk
Real Data Services Ltd