[EMAIL PROTECTED] wrote:

> Send cobalt-security mailing list submissions to
> [EMAIL PROTECTED]
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://list.cobalt.com/mailman/listinfo/cobalt-security
> or, via email, send a message with subject or body 'help' to
> [EMAIL PROTECTED]
>
> You can reach the person managing the list at
> [EMAIL PROTECTED]
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of cobalt-security digest..."
>
> Today's Topics:
>
> 1. RE: zcat stdout??? (Jose Luis Aguilar)
> 2. Re: RE: 'On my Soap Box' (Norm Duncan)
> 3. Re: What is robots.txt? (Kul)
> 4. Re: RE: 'On my Soap Box' (Marc Gear)
> 5. Re: RE: 'On my Soap Box' (Adam Sculthorpe)
> 6. Re: Security Costs (Paul Gillingwater)
> 7. RE: What is robots.txt? (Colin J. Raven)
> 8. RaQ3 Hacked - Information Gathered (Administrator)
>
> --__--__--
>
> Message: 1
> From: "Jose Luis Aguilar" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Subject: RE: [cobalt-security] zcat stdout???
> Date: Sun, 11 Mar 2001 16:36:08 -0400
> Reply-To: [EMAIL PROTECTED]
>
> This happened to our RaQ3 too after installing the vixie-cron Update 4.0.1
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Robbert Hamburg
> Sent: Sunday, March 11, 2001 6:07 AM
> To: [EMAIL PROTECTED]
> Subject: [cobalt-security] zcat stdout???
> Importance: High
>
> Hello,
>
> Today I received this on my mail; it came originally from cron.weekly.
> However I'm not sure what it is and whether it poses any security threats.
> Can you please give me some advice???
>
> Below is what I got.
>
> Sent: Sunday, March 11, 2001 4:22 AM
> Subject: Cron <root@www> run-parts /etc/cron.weekly
>
> zcat: stdout: Broken pipe
> zcat: stdout: Broken pipe
> zcat: stdout: Broken pipe
> zcat: stdout: Broken pipe
> zcat: stdout: Broken pipe
> zcat: stdout: Broken pipe
> zcat: stdout: Broken pipe
> zcat: stdout: Broken pipe
> zcat: stdout: Broken pipe
> zcat: stdout: Broken pipe
>
> _______________________________________________
> cobalt-security mailing list
> [EMAIL PROTECTED]
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>
> --__--__--
>
> Message: 2
> Date: Sun, 11 Mar 2001 13:47:26 -0800
> From: "Norm Duncan" <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED], [EMAIL PROTECTED]
> Subject: Re: [cobalt-security] RE: 'On my Soap Box'
> Reply-To: [EMAIL PROTECTED]
>
> Please add me to the list of RAQ owners who are finding out that the
> buying of the box and initial setup is the easy part. After having my RAQ3
> hacked twice in 11 months, I need help. Need to re-install OS on the 3 and
> add some better protection to my RAQ4r as needed. Is there a wizard out
> there who is available for such work? I have neither the knowledge nor the
> time.
> Norm D
>
> *********** REPLY SEPARATOR ***********
>
> On 3/6/2001 at 9:00 PM John Bailey wrote:
>
> >On Tue, 6 Mar 2001, Mark Anderson wrote:
> >
> >> In fact the opposite is true - there is such
> >> a wealth of information available that admins have no excuse
> >> for having bad security. To be a good hacker/cracker (choose
> >> your media buzzword)
> >
> >There is a difference between the widely accepted definition of 'hacker'
> >and that of 'cracker', you know.
> >
> >> the attacker has to have a level of skill
> >> and knowledge that exceeds that of the admin.
> >
> >There are other issues to take into account though. For example, after
> >the bind problems came to light, it took Cobalt 3(?) days to get upgraded
> >.pkg files out (please note I'm not having a go at Cobalt here).
> >During those three days, many RaQs and Qubes all over the net remained
> >vulnerable. More knowledgeable(?) admins had compiled their own
> >replacements the minute they heard about the problem, but many admins
> >don't know how to wield a "./configure ; make install". I think that this
> >problem is more widespread on Cobalt machines, as they're sold on a 'you
> >can administer it all through this web interface' basis. I know of a lot
> >of people who got a harsh lesson in reality during those days, either by
> >getting their machines compromised, or by being forced to learn admin
> >tasks they hadn't originally thought they'd need.
> >
> >> An attacker sees the same mail on Bugtraq and tries it on a few
> >> machines to see what he can get with a little effort. Not only
> >> is it likely that the exploit code will have been gutted and
> >> cease to actually work, but the attacker would need an equal
> >> skill level as the original coder to fix it.
> >
> >I'd say that that depends on how badly the code's been gutted ... but
> >aside from that, I don't think that most script kiddies are in the habit
> >of collecting code from bugtraq. They let someone else do the hard work
> >(be it writing the exploit or correcting kludged code) then they just
> >point and root.
> >
> >> What I'm trying to point out is that protecting a server is
> >> fall-off-my-chair-laughing easy. However to be a remotely good
> >> attacker, it takes time, skill, intellect and a few drops of
> >> luck.
> >
> >I take issue with that point in its entirety. For a start, not all bugs
> >get posted to BugTraq straight away .. how can you patch against bugs
> >you're unaware of? Even given that you know that a vulnerability exists
> >and needs patching, it's only easy to you because you're familiar with
> >linux. As I think everyone on this list should be painfully aware, it
> >can take no skill at all to be an effective cracker.
> >Kits such as Ramen, which are self propagating are a case in point.
> >
> >The bottom line that it all comes down to is (and this is quoted from a
> >source I don't remember) that the admin has to be lucky all the time, the
> >cracker only once.
> >
> >To take a better known quote to finish .. "Your confidence is your
> >weakness".
> >
> >John
>
> --__--__--
>
> Message: 3
> Date: Sun, 11 Mar 2001 23:08:58 +0000
> From: Kul <[EMAIL PROTECTED]>
> Organization: Qax
> To: [EMAIL PROTECTED]
> Subject: Re: [cobalt-security] What is robots.txt?
> Reply-To: [EMAIL PROTECTED]
>
> "Colin J. Raven" wrote:
>
> > On Thu, 8 Mar 2001, Siao Yuan Tan wrote:
> > > Inside my Cobalt RaQ4r, I found this file robots.txt in
> > > /usr/admserv/html/ folder with the following content:
> > >
> > > # Prevent all robots from visiting this site:
> > >
> > > User-agent: *
> > > Disallow: /
> > >
> > > I come to know this file from the webalizer report because this file
> > > seems to have a number of hits to it. Anyone know what is this file
> > > doing in my server?
> > >
> > It's there to prevent spiders from roving through (and reporting on) your
> > admin pages. .....<snip>
>
> Can I suggest that this is not in fact the case! - meant nicely :)
> It is really there to ***ASK*** robots / spiders not to perform the search
> (or used in a normal context, to request limits as to what gets searched
> i.e. "Disallow /images" is a common example).
> "Rude" robots will not even bother looking at the file <g>
>
> I know it's only semantics, but it is important for all to realise that
> this method will "NOT" stop nosey robots!
> --
> Regards,
> Kul
>
> --__--__--
>
> Message: 4
> From: "Marc Gear" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Subject: Re: [cobalt-security] RE: 'On my Soap Box'
> Date: Sun, 11 Mar 2001 21:30:58 -0000
> Reply-To: [EMAIL PROTECTED]
>
> > Please add me to the list of RAQ owners who are finding out that the
> > buying of the box and initial setup is the easy part. After having my RAQ3
> > hacked twice in 11 months, I need help. Need to re-install OS on the 3 and
> > add some better protection to my RAQ4r as needed. Is there a wizard out
> > there who is available for such work? I have neither the knowledge nor the
> > time.
> > Norm D
>
> Security consultants cost the earth, and this mailing list is not a
> recruitment agency for them anyway. You are far better learning to, and
> doing it yourself.
>
> The (free) advice I will give you is to learn how to do it yourself, as it
> will cost you less money (and time) in the long run. Else, look elsewhere to
> employ people to do it for you. Follow all the links below, and you are
> going to be getting drastically more secure than the default cobalt install.
>
> http://www.cobalt.com/support/download/raq3
> http://www.cobalt.com/support/download/raq4
> http://www.enteract.com/~lspitz/linux.html
> http://www.openssl.org
> http://www.openssh.com
> http://www.insecure.org/nmap
> http://www.chkrootkit.org/
> http://www.tripwire.org/
> http://www.psionic.com/abacus/portsentry/
> http://www.psionic.com/abacus/logcheck/
> http://www.bastille-linux.org
>
> And if you manage all that then you are halfway towards making a halfway
> secure server.
> (that list is a lot longer than I intended... I guess there is maybe a lot
> more to this security lark than people think and to think I left out tons of
> links...)
> --
> /\/\ a R (
>
> --__--__--
>
> Message: 5
> Date: Mon, 12 Mar 2001 00:55:17 +0000
> From: "Adam Sculthorpe" <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: [cobalt-security] RE: 'On my Soap Box'
> Reply-To: [EMAIL PROTECTED]
>
> Norm's point was he didn't have the 'time' or 'knowledge' and sometimes
> this is hard to change when you have a business to run or other aspects to
> concentrate on, I would suggest you contact Internet Security Systems at
> http://www.iss.net/ if you have the money to pay for a solution.
>
> Also 'expensive' is a matter of numbers, if you stand to lose all of your
> clients due to a hack then I would argue differently. If the amount you
> stand to lose is significant then I would suggest budgeting for security is
> a good thing.
>
> Do the numbers and find the right level of solution!
>
> Regards,
>
> Adam Sculthorpe
>
> Internet Security Consultant
>
> *********** REPLY SEPARATOR ***********
>
> On 11/03/2001 at 21:30 Marc Gear wrote:
>
> >> Please add me to the list of RAQ owners who are finding out that the
> >> buying of the box and initial setup is the easy part. After having my RAQ3
> >> hacked twice in 11 months, I need help. Need to re-install OS on the 3 and
> >> add some better protection to my RAQ4r as needed. Is there a wizard out
> >> there who is available for such work? I have neither the knowledge nor the
> >> time.
> >> Norm D
> >
> >Security consultants cost the earth, and this mailing list is not a
> >recruitment agency for them anyway. You are far better learning to, and
> >doing it yourself.
> >
> >The (free) advice I will give you is to learn how to do it yourself, as it
> >will cost you less money (and time) in the long run. Else, look elsewhere
> >to employ people to do it for you. Follow all the links below, and you are
> >going to be getting drastically more secure than the default cobalt
> >install.
> >
> >http://www.cobalt.com/support/download/raq3
> >http://www.cobalt.com/support/download/raq4
> >http://www.enteract.com/~lspitz/linux.html
> >http://www.openssl.org
> >http://www.openssh.com
> >http://www.insecure.org/nmap
> >http://www.chkrootkit.org/
> >http://www.tripwire.org/
> >http://www.psionic.com/abacus/portsentry/
> >http://www.psionic.com/abacus/logcheck/
> >http://www.bastille-linux.org
> >
> >And if you manage all that then you are halfway towards making a halfway
> >secure server.
> >(that list is a lot longer than I intended... I guess there is maybe a lot
> >more to this security lark than people think and to think I left out tons
> >of links...)
> >--
> >/\/\ a R (
>
> --__--__--
>
> Message: 6
> Date: Mon, 12 Mar 2001 06:44:33 -0000
> To: <[EMAIL PROTECTED]>
> Subject: Re: [cobalt-security] Security Costs
> From: "Paul Gillingwater" <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
>
> Marc Gear <[EMAIL PROTECTED]> said:
> > Security consultants cost the earth, and this mailing list is not a
> > recruitment agency for them anyway. You are far better learning to, and
> > doing it yourself.
>
> I agree, this list is not the best place to do this. However, maybe Cobalt
> could maintain a list of such Security consultants who have Cobalt
> experience, so you could find them on the Web site. With competition, you
> might find a consultant you could afford.
>
> In general, it's an economic question. How much can your business afford to
> lose, if your site is hacked and all data is lost? Of course, backups can
> reduce some of the damage, but what about the downtime and loss of confidence
> from your customers?
> The best business model I have seen is "Active
> Insurance", where some companies offer an insurance policy (fixed monthly
> payment) and in return, they patch your site for you and guarantee to fix it
> for free if you are hacked.
> --
> *********************************
> Paul Gillingwater
> Managing Director
> CSO Lanifex Unternehmensberatung
> & Softwareentwicklung G.m.b.H.
> NEW BUSINESS CONCEPTS
>
> E-mail: [EMAIL PROTECTED]
> Telnum: +43/1/21 98 222
> Mobile: +43/699/1922 3085
> Webhome: http://www.lanifex.com
> Address: Praterstrasse 60/1/2
> A-1020 Vienna, Austria
> *********************************
>
> --__--__--
>
> Message: 7
> From: "Colin J. Raven" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Subject: RE: [cobalt-security] What is robots.txt?
> Date: Mon, 12 Mar 2001 08:50:46 -0500
> Reply-To: [EMAIL PROTECTED]
>
> >"Colin J. Raven" wrote:
> >
> >> On Thu, 8 Mar 2001, Siao Yuan Tan wrote:
> >> > Inside my Cobalt RaQ4r, I found this file robots.txt in
> >> > /usr/admserv/html/ folder with the following content:
> >> >
> >> > # Prevent all robots from visiting this site:
> >> >
> >> > User-agent: *
> >> > Disallow: /
> >> >
> >> > I come to know this file from the webalizer report because this file
> >> > seems to have a number of hits to it. Anyone know what is this file
> >> > doing in my server?
> >> >
> >> It's there to prevent spiders from roving through (and reporting on) your
> >> admin pages. .....<snip>
> >
> >Can I suggest that this is not in fact the case! - meant nicely :)
> >It is really there to ***ASK*** robots / spiders not to
> >perform the search (or used in a normal context, to request
> >limits as to what gets searched i.e. "Disallow /images" is a
> >common example).
> >"Rude" robots will not even bother looking at the file <g>
> >
> >I know it's only semantics, but it is important for all to
> >realise that this method will "NOT" stop nosey robots!
> >--
> Ah yes indeed, you are *so* correct Kul.
> I was semantically incorrect,
> and the correct explanation is the one you tendered above. Thank you for
> the clarification, it *is* a most important distinction.
> Regards,
> -Colin
> --
> Colin J. Raven
>
> --__--__--
>

Dear Todd S.

You can submit the information to cert.org. And it will be a good job if you let the world know about this. Maybe you can post the summary later on at linuxsecurity.com.

(Pardon me if I do not know how to post in a mailing list, I hope I'll learn quick. Error!)

Kevin

>
> Message: 8
> From: Administrator <[EMAIL PROTECTED]>
> To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
> Date: Thu, 8 Mar 2001 11:05:08 -0600
> Subject: [cobalt-security] RaQ3 Hacked - Information Gathered
> Reply-To: [EMAIL PROTECTED]
>
> Recently, my Raq3 was hacked. I was able to get back into the system with
> the ROM boot method. I was able to determine that the kernel, among other
> things, was modified. Additionally, the hacker left some information behind
> that might be of interest to someone. My question is what do I do with the
> information gathered? Is there some sort of central authority that tracks
> this information? Does Sun / Cobalt want this information before I rebuild
> the OS?
> My apologies if I posted in the wrong list.
> -Todd S.
>
> --__--__--
>
> End of cobalt-security Digest
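
The distinction drawn in Messages 3 and 7 of the digest (robots.txt asks crawlers to stay away, it does not stop them) can be checked on a loopback server. This is an added example, not code from the list or from Cobalt; the /admin/ path, the handler and the credential are constructed for the demo, and only the robots.txt text comes from the thread.

```python
import base64
import http.client
import socketserver
import threading
import urllib.robotparser
from http.server import BaseHTTPRequestHandler

# The robots.txt quoted in the thread (found in /usr/admserv/html/).
ROBOTS_TXT = "# Prevent all robots from visiting this site:\n\nUser-agent: *\nDisallow: /\n"
# Constructed credential, for this demo only.
DEMO_AUTH = "Basic " + base64.b64encode(b"admin:constructed-demo-password").decode()


def make_handler(require_auth):
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            if require_auth and self.headers.get("Authorization") != DEMO_AUTH:
                status, body = 401, b"authentication required\n"
            else:
                status, body = 200, b"admin page\n"
            self.send_response(status)
            if status == 401:
                self.send_header("WWW-Authenticate", 'Basic realm="admin"')
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, *args):  # keep the demo quiet
            pass
    return Handler


def probe(require_auth, path="/admin/"):
    """Return (robots.txt permits path?, status for a client that ignores robots.txt)."""
    rules = urllib.robotparser.RobotFileParser()
    rules.parse(ROBOTS_TXT.splitlines())
    server = socketserver.TCPServer(("127.0.0.1", 0), make_handler(require_auth))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        conn = http.client.HTTPConnection("127.0.0.1", server.server_address[1], timeout=5)
        conn.request("GET", path)  # no robots.txt lookup, no credentials
        status = conn.getresponse().status
        conn.close()
        return rules.can_fetch("*", path), status
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print("robots.txt only:", probe(False), "| with HTTP auth:", probe(True))
```

With only robots.txt in place the page is still served (status 200) to any client that does not consult the file; the request is refused (401) only once the server itself demands credentials.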
