
Re: [cobalt-security] Qubes - hacked



On Tuesday 29 April 2003 12:53, Harald Kapper wrote:
> hi
> my 2cents here:
>
> I also saw recently a Q3 hacked (while it was not ours it was a
> not-yet-customer's one).
>
> it basically had its firewall disabled (no one afterwards knew why :-))
> and virtually everything was infected with ELF/Rst.B
>
> which opens backdoors and the like.
>
> anybody got an a) idea how it comes?
> and b) if there is someone at sun that could make an educated analysis of
> logfiles in order to show how / what happened?
>

You have to be very careful with Qubes2/3 and SMB.
If SMB is accessible through the Internet, not only the Qubes but the
workstations on the private net are accessible.
Firewall SMB for sure!

Gerald
-- 
http://frontstreetnetworks.com | http://store.raqware.com
ICQ: 229276628                        | AIM handle: raqware
Front Street Networks LLC      |  Phone: 203-785-0699
229 Front Street, Suite C, New Haven, CT 06513-3203