
Re: [cobalt-security] Re: OT: SSL Certs



Just one site.

You used to be able to buy a wildcard cert from them as well. You need to
email them for the info though.

regards

Lee


----- Original Message -----
From: "Bill McToy" <mcnetec@xxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Sunday, August 18, 2002 5:52 AM
Subject: [cobalt-security] Re: OT: SSL Certs


> Lee,
> Is the certificate for the entire server or just one site?
>
> Bill
>
> -----Original Message-----
> From: cobalt-security-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of
> cobalt-security-request@xxxxxxxxxxxxxxx
> Sent: Saturday, August 17, 2002 12:00 PM
> To: cobalt-security@xxxxxxxxxxxxxxx
> Subject: cobalt-security digest, Vol 1 #882 - 10 msgs
>
>
> Today's Topics:
>
>    1. Re: OT:  SSL Certs (Up The Blues)
>    2. RE: OT:  SSL Certs (Bradley Caricofe)
>    3. RE: OT:  SSL Certs (craig)
>    4. RE: OT:  SSL Certs (njd76)
>    5. Re: Security Hardening Update 2.0.1 MAJOR FLAW!!!!!! ACTION REQUIRED! (Zeffie)
>    6. Re: Security Hardening Update 2.0.1 MAJOR FLAW!!!!!! ACTION REQUIRED! (Zeffie)
>    7. Re: Security Hardening Update 2.0.1 MAJOR FLAW!!!!!! ACTION REQUIRED! (Mailing Lists)
>    8. Re: Security Hardening Update 2.0.1 MAJOR FLAW!!!!!! ACTION REQUIRED! (Zeffie)
>    9. Re: Security Hardening Update 2.0.1 MAJOR FLAW!!!!!! ACTION REQUIRED! (Michael Stauber)
>
> --__--__--
>
> Message: 1
> From: "Up The Blues" <blue@xxxxxxxxxxxxxxxxx>
> To: <cobalt-security@xxxxxxxxxxxxxxx>
> Subject: Re: [cobalt-security] OT:  SSL Certs
> Date: Fri, 16 Aug 2002 20:11:44 +0100
> Reply-To: cobalt-security@xxxxxxxxxxxxxxx
>
> Try Geotrust.
>
>
> Cheap and works well.
>
> regards
>
> Lee
>
>
> ----- Original Message -----
> From: "Chris Burchell" <cburchell@xxxxxxxxxxx>
> To: <cobalt-security@xxxxxxxxxxxxxxx>
> Sent: Friday, August 16, 2002 3:55 PM
> Subject: [cobalt-security] OT: SSL Certs
>
>
> > I'm looking for an inexpensive option for obtaining an SSL certificate.
> >
> > So far, I see:
> >
> > Thawte - 1 year:  $200
> > VeriSign - 1 year:  $400
> > IPSCA - 2 years:  $69
> >
> >
> > I'm inclined to go with a name like Thawte, but has anyone had experience
> > with certs from IPSCA?
> >
> > Are there any other relatively inexpensive places to buy SSL certs?
> >
> > Regards,
> > Chris
> > _______________________________________________
> > cobalt-security mailing list
> > cobalt-security@xxxxxxxxxxxxxxx
> > http://list.cobalt.com/mailman/listinfo/cobalt-security
> >
>
>
> --__--__--
>
> Message: 2
> Date: Fri, 16 Aug 2002 16:59:03 -0400
> From: Bradley Caricofe <caricofe@xxxxxxxxxxx>
> Subject: RE: [cobalt-security] OT:  SSL Certs
> To: cobalt-security@xxxxxxxxxxxxxxx
> Reply-To: cobalt-security@xxxxxxxxxxxxxxx
>
> > I'm looking for an inexpensive option for obtaining an SSL certificate.
> >
> > So far, I see:
> >
> > Thawte - 1 year:  $200
> > VeriSign - 1 year:  $400
> > IPSCA - 2 years:  $69
>
> I've tried a couple from RackShack.net for $50 and they work great.
>
> -Brad
>
> --__--__--
>
> Message: 3
> Date: Sat, 17 Aug 2002 09:27:24 +1200 (NZST)
> From: craig <craig@xxxxxxxxxxxxx>
> To: cobalt-security@xxxxxxxxxxxxxxx
> Subject: RE: [cobalt-security] OT:  SSL Certs
> Reply-To: cobalt-security@xxxxxxxxxxxxxxx
>
> > > I'm looking for an inexpensive option for obtaining an SSL certificate.
> > >
> > > So far, I see:
> > >
> > > Thawte - 1 year:  $200
> > > VeriSign - 1 year:  $400
> > > IPSCA - 2 years:  $69
> >
> > I've tried a couple from RackShack.net for $50 and they work great.
> >
> There is also
> instantssl.com
> freessl.com
>
> most of the cheaper ones only work with IE 5.01 x and above and NE 4.7 and
> above
>
>
>
>
> --__--__--
>
> Message: 4
> From: "njd76" <njd76@xxxxxxxxxxx>
> To: <cobalt-security@xxxxxxxxxxxxxxx>
> Subject: RE: [cobalt-security] OT:  SSL Certs
> Date: Fri, 16 Aug 2002 17:51:48 -0400
> Reply-To: cobalt-security@xxxxxxxxxxxxxxx
>
> Great site I found that compares them all for you.
> www.whichssl.com
>
>
>
> -----Original Message-----
> From: cobalt-security-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-security-admin@xxxxxxxxxxxxxxx] On Behalf Of craig
> Sent: Friday, August 16, 2002 5:27 PM
> To: cobalt-security@xxxxxxxxxxxxxxx
> Subject: RE: [cobalt-security] OT: SSL Certs
>
> > > I'm looking for an inexpensive option for obtaining an SSL certificate.
> > >
> > > So far, I see:
> > >
> > > Thawte - 1 year:  $200
> > > VeriSign - 1 year:  $400
> > > IPSCA - 2 years:  $69
> >
> > I've tried a couple from RackShack.net for $50 and they work great.
> >
> There is also
> instantssl.com
> freessl.com
>
> most of the cheaper ones only work with IE 5.01 x and above and NE 4.7 and
> above
>
>
>
>
> --__--__--
>
> Message: 5
> From: "Zeffie" <cobaltlist@xxxxxxxx>
> To: <cobalt-security@xxxxxxxxxxxxxxx>
> Subject: Re: [cobalt-security] Security Hardening Update 2.0.1 MAJOR
> FLAW!!!!!!  ACTION REQUIRED!
> Date: Sat, 17 Aug 2002 03:17:47 -0400
> Reply-To: cobalt-security@xxxxxxxxxxxxxxx
>
> > Like the man says, just disable logging/emails
> >
> > I am sure it will just be a remotely exploitable filelimit / email ddos,
> >
> > Each scan will result in an admin email,  do enough scans from enough
> > simulated host in such a short period, and the box will die due to
> > number of concurrent open emails / drain on resources sending them..
>
> you are incorrect sir...
>
> > I could be wrong tho.. :)
>
> you are :)
>
> Zeffie
> http://www.zeffie.com/
>
>
>
> --__--__--
>
> Message: 6
> From: "Zeffie" <cobaltlist@xxxxxxxx>
> To: <cobalt-security@xxxxxxxxxxxxxxx>
> Subject: Re: [cobalt-security] Security Hardening Update 2.0.1 MAJOR
> FLAW!!!!!! ACTION REQUIRED!
> Date: Sat, 17 Aug 2002 05:15:49 -0400
> Reply-To: cobalt-security@xxxxxxxxxxxxxxx
>
> > > The recent RaQ4-en-Security-2.0.1-SHP.pkg allows a remote attacker to
> > > cause system crashes.  To avoid this I suggest you disable the Scan
> > > Detection in Parameters by selecting "do nothing".  Else you might not be
> > > happy...
> > > I have written a small script that can reproduce the problem consistently.
> > > I don't seem to be able to find any way to contact Sun cobalt about this.
> > > what to do?  maybe a whitepaper advert??
> > > Sun Cobalt Please Call or contact me
> > Email Shaun White (shaun.white@xxxxxxx) - he's in charge of security
> > stuff, and runs cobalt-security list as well...
> > Bruce Timberlake
> > Cobalt/Linux Technology Engineer
> > Communications Market Area
> > Sun Microsystems, Inc. - San Diego
>
> done.
> I have asked Shaun to let me know that he has received it.
>
> Zeffie
> http://www.zeffie.com/
>
>
>
> --__--__--
>
> Message: 7
> Date: Sat, 17 Aug 2002 07:38:30 -0500
> Subject: Re: [cobalt-security] Security Hardening Update 2.0.1 MAJOR
> FLAW!!!!!!  ACTION REQUIRED!
> From: Mailing Lists <listonly@xxxxxxxxxxxxxxxxxxxx>
> To: <cobalt-security@xxxxxxxxxxxxxxx>
> Reply-To: cobalt-security@xxxxxxxxxxxxxxx
>
> on 8/17/02 2:17 AM, Zeffie stated:
>
> >> Like the man says, just disable logging/emails
> >>
> >> I am sure it will just be a remotely exploitable filelimit / email ddos,
> >>
> >> Each scan will result in an admin email,  do enough scans from enough
> >> simulated host in such a short period, and the box will die due to
> >> number of concurrent open emails / drain on resources sending them..
> >
> > you are incorrect sir...
> >
> >> I could be wrong tho.. :)
> >
> > you are :)
> >
> > Zeffie
> > http://www.zeffie.com/
> >
> What is the issue with SHP installed on the Raq4's???
>
> Dave
>
>
> --__--__--
>
> Message: 8
> From: "Zeffie" <cobaltlist@xxxxxxxx>
> To: <cobalt-security@xxxxxxxxxxxxxxx>
> Subject: Re: [cobalt-security] Security Hardening Update 2.0.1 MAJOR
> FLAW!!!!!!  ACTION REQUIRED!
> Date: Sat, 17 Aug 2002 13:06:16 -0400
> Reply-To: cobalt-security@xxxxxxxxxxxxxxx
>
> > > Well, theoretically it is not impossible to save all replaced files in a
> > > safe place (== directory unique to this package), together with
> > > checksums of _replacing_ files.  Then the uninstaller could restore the
> > > files from backup, and do it only if they were not replaced by yet
> > The underlying OS on the Cobalt's is an RPM based Linux distribution. You
> > install and uninstall RPM packages at leisure - as often as you want.
> > Ok, let's say we install the package Neomail-1.20-1.PKG which contains the
> > file neomail-1.2.5-1.noarch.rpm. When you install a PKG file (which
> > one or more RPMs), then the RPMs are deleted after installation as they
> > no longer needed. That's a standard procedure of the PKG installation
> > With "rpm -ql neomail-1.2.5-1" you can query which files it brought aboard
> > where they are on the system. However, you cannot (reasonably) recreate
> > neomail-1.2.5-1.noarch.rpm and tuck it away as backup. The PKG file with
> > which we installed it is gone and also the RPM which it contained has been
> > erased automatically after or during the installation.
>
> Actually you could...  and in some cases it's good to backup your configs
> depending on who and how the rpms were built.
>
> > Lets spin this thought further
> Oh my head!
> > Now we install a newer PKG file of the same software: Neomail-1.20-2.PKG
> > It contains neomail-1.2.5-2.noarch.rpm and upon installation it replaces
> > files which the older neomail-1.2.5-1.noarch.rpm brought aboard.
> > Lets assume we don't like the new Neomail and want to go back to the old
> > But even if we backed up all files of the old neomail-1.2.5-1.noarch.rpm
> > copy 'em back to where they belong: The RPM database still will claim that
> > the newer RPM neomail-1.2.5-1.noarch.rpm is installed.
>
> that's because we don't do things like that.  We would just reinstall the
> old rpm.  If for some reason we can't move forward.  which doesn't happen
> often because of the ways we build things.  (me anyway)
>
> > So although the original functionality could be restored by a smart and
> > automated uninstaller, it wouldn't restore the server to the same exact
> > condition, as the RPM database still claims otherwise. Unfortunately the RPM
> > database is usually the authority which an installer queries to find out
> > it's OK to go ahead with an installation or not.
> > For unimportant stuff like Neomail this is of no consequence, but for critical
> > stuff like Apache, Sendmail, Qpopper, IMAP and so on it's a different
>
> there is no difference.  you should still manage all files on a system.
>
> > The resolution would be:
> > If an installer replaced an existing (older) RPM, then a proper and complete
> > uninstall has to reinstall the old RPM which previously was aboard. But where
> > do you get it from when RPMs are always deleted after PKG installation?
>
> well that's what we have ftp sites for. :)
> Granted that Sun.Cobalt does not have a location where we can get current
> rpms and srpms.
> grrrrrr
>
> ak
> > It could be remotely downloaded from the internet and then installed.
> > ftp.cobalt.com contains the RPMs which a stock and unpatched RaQ usually
> > aboard. That would be one possibility in case were third party software
> > installs RPM which replace system services. Or an uninstaller could download
> > and (partially or completely) re-install the official Sun Cobalt PKG which
> > contains the replaced RPM file in such a case.
>
> not really because there are scripts inside of rpms and like a program there
> is an order to these things..
>
> <snip>
>
> > FWIW: Windows 2000 Service Pack 3 can't be uninstalled either. ;o)
> > Michael Stauber
> > Unix/Linux Support Engineer
>
> Ok I'm starting to see the problem.  But I knew it the first time I saw your
> work. :) This is not windows.
> Things work much different here..  In the development of rpms we have the
> ability to verify how things are building through simple testing before
> installing on production machines and then we are installing the same exact
> thing.  We don't do ./configure make make install all over.  There is rarely
> a need at all to uninstall things...  Unlike MS we build things correctly
> and maintain various versions.  Which sometimes can make it into
> production... but only after development on devel boxes.
>
> There are reasons for all this rpm fun.
>
> Zeffie
> http://www.zeffie.com/
> "Windows 2000 Support Engineer" (not)
>
>
>
> --__--__--
>
> Message: 9
> From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
> Organization: SOLARSPEED.NET
> To: cobalt-security@xxxxxxxxxxxxxxx
> Subject: Re: [cobalt-security] Security Hardening Update 2.0.1 MAJOR
> FLAW!!!!!!  ACTION REQUIRED!
> Date: Sat, 17 Aug 2002 19:35:51 +0200
> Reply-To: cobalt-security@xxxxxxxxxxxxxxx
>
> Hi Zeffie,
>
> > that's because we don't do things like that.  We would just reinstall the
> > old rpm.
>
> EXACTLY. ;o) That's how to do it properly. That's how you and I and a few
> others would do it.
>
> The whole point I was trying to make with my previous message was about that.
> You can't reasonably put that much logic in an installer that it in all cases
> allows you to go back all the way if something fails. In some cases you can
> do it, but not in all.
>
> > If for some reason we can't move forward.  which doesn't happen
> > often because of the ways we build things.  (me anyway)
>
> Same here.
>
> > Granted that Sun.Cobalt does not have a location where we can get current
> > rpms and srpms. grrrrrr
>
> Yeah, I also agree that this would make life a whole deal easier if it were
> otherwise. :o(
>
> > >  Or an uninstaller could download
> > > and (partially or completely) re-install the official Sun Cobalt PKG which
> > > contains the replaced RPM file in such a case.
> >
> > not really because there are scripts inside of rpms and like a program
> > there is an order to these things..
>
> If you'd do an uninstaller that way, then you'd have to take that into
> account, of course. But in most cases the scripts in the RPM are very well
> needed, so that's not a problem. If it is, then there is always the
> --noscripts parameter of the RPM command.
>
> > > FWIW: Windows 2000 Service Pack 3 can't be uninstalled either. ;o)
>
> > Ok I'm starting to see the problem.  But I knew it the first time I saw
> > your work. :) This is not windows.
>
> You don't know anything about me, dear colleague. I'm a Linux man through and
> through. The only thing I use Windows for is for accounting and for web- and
> image design.
>
> > In the development of rpms we have the ability to verify how things are
> > building through simple testing before installing on production machines and
> > then we are installing the same exact thing.
>
> You're preaching to the choir, so please turn around if you want to continue
> your lecture. ;o)
>
> I was using that analogy just to show that even in the Windows world (to which
> so many others are used to) a clean uninstall is sometimes not possible.
> "Clean" and Windows are contradicting terms anyway <shrug>.
>
> > There are reasons for all this rpm fun.
>
> I wouldn't exactly call it fun, especially not after porting 20 RPMs from the
> Qube3 to the RaQ550, which is what I did the last two days.
>
> --
>
> With best regards,
>
> Michael Stauber
> mstauber@xxxxxxxxxxxxxx
> Unix/Linux Support Engineer
>
>
>
> --__--__--
>
>
>
> End of cobalt-security Digest
>
>
>