Re: [cobalt-security] Results of Forensics Examination of Compromised RaQ 4

["Menno s mail list account" <lists@xxxxxxxxx>]

Although this is useful, what the hell is Sun, and your "vulnerability assessment team" doing with regards to vulnerabilities to RaQs found every week??

Your email seems to suggest rather rudely that our RaQs are compromised due to indadequate patching, rather than lack of any patches from Sun.

IMHO there is absolutely no support from Sun regarding recent vulnerabilities. Often any packages they release to address issues are weeks if not months too late. In that precious time our RaQs could be compromised, if it were not for the great advice given on this list on how to manually patch these problems. In fact the only package support we seem to get half the time comes from the "unofficial" pkgmaster site.

I have in the past recommended Sun RaQs, but over the last two years have increasingly recommended standard linux distros, mainly because patches for vulnerabilities are available much sooner.

Perhaps every Linux person in Sun is working on Madhatter, and doesnt give a toss about current customers :(

Menno

24/01/2003 14:08:06, Charles Smith <charles.smith@xxxxxxx> wrote:

>
>
>  From:   Charles Smith <charles.smith@xxxxxxx>
>  To:     cobalt-security <cobalt-security@xxxxxxxxxxxxxxx>
>
>  Cc:     Columbus Staff <csabu-cmh-staff@xxxxxxxxxxxxxxx>, Tony Placilla
>          <anthony.placilla@xxxxxxx>
>  Subject:[cobalt-security] Results of Forensics Examination of Compromised
>          RaQ 4
>  Date:   Fri, 24 Jan 2003 09:08:06 -0500
>
>
>  Recently my was asked to assist in determining
>  the root cause of a compromise of a customer's RaQ 4 that was alleged to be
>  totally patched. Upon investigation, a summary of which appears below, it
>  was determined the appliance had actually been compromised prior to being
>  properly patched and had not been thoroughly eradicated after detection of
>  the compromise thus negating any subsequent patching effort.