[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] Qubes - hacked

Subject: [cobalt-security] Qubes - hacked
From: "Gavin Nelmes-Crocker" <cobalt@xxxxxxxxxxxxxxxx>
Date: Tue, 29 Apr 2003 12:56:13 +0100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hi

Has anyone else been having problems with Qubes getting hacked?

If you run the latest version of chkrootkit it comes up with infected stuff,
login, and others as well as suggesting a show tee root kit.  The only
visible symptom to the user or sysadmin seems to be that the windows file
sharing server goes off line and won't come back up.

I'm not sure how they get in to start with, we tend to run the qubes a
little behind on the patching as they are not always a help if your Qube
goes down due to a patch error, however at this moment we are patching to
every last patch available on bluelink to try and lock this out.

The only way we can be sure of getting rid of the hack at the moment is to
do a full restore which is a real pain and reminds me to try again at
building an up to date OSRCD for Qubes.

Anyone else seeing the same?

Regards

Gavin

Follow-Ups:
- Re: [cobalt-security] Qubes - hacked
  - From: Jeroen Wunnink
- Re: [cobalt-security] Qubes - hacked
  - From: Parker Morse

Prev by Date: RE: [cobalt-security] file size limit
Next by Date: Re: [cobalt-security] Qubes - hacked
Previous by thread: RE: [cobalt-security] file size limit
Next by thread: Re: [cobalt-security] Qubes - hacked

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index