You did not buy a car without brakes, you bought a car without getting a driver's license first.

Well, although I agree with the statement that Sun Cobalt should maybe put more effort into patching leakages, because they deliver a full product including the software, I think you are overreacting now. I guess they can expect the machines to be operated by skilled professionals. It's not a My First Sony. Part of the skill would be to understand, to a certain level, the kind of threat that exists for a full-service server, and that this threat exists from the moment you put the network cable in. Of course no one can know everything, but I would expect you to know the basic operation skills needed to secure the machine to quite a high level, so stopping telnet, starting (and securing) sshd, putting on some kind of firewall or portsentry, checking logs, blocking machines, using tools like tripwire etc. etc.

When you buy a totally equipped holiday van, "ready to take you anywhere you like", you can't complain if you hit the first tree because you don't know how to drive it.

Jelmer

----- Original Message -----
From: "Simon Wilson"

> Home to as many as 200 websites or a single, powerful dedicated server.
> If you're a service provider, the Sun Cobalt RaQT server appliance is
> the alternative to "big iron" servers. The Sun Cobalt RaQ server
> appliance includes everything you need to begin hosting now.
>
>
> A direct quote from Cobalt's website. You see the last bit "everything
> you need to begin hosting now".
> Well, read that as "everything you need provided you don't need it to be
> secure and don't mind if it gets hacked within 24 hours"
>
> I bought a RAQ4, it's the first server I ever bought, I knew nothing about
> Linux, servers, dns, nothing. I bought it to host websites for my small
> business. Within one week of subscribing to this list, reading manuals,
> researching on the web, I realised that it is totally insecure. I had
> bought a car without brakes, a house without doors, I might as well have
> left it lying in the street with a sign on it saying "nick me". Since
> that time I have had to learn very quickly all about the security issues
> and thanks to many people on this list I think my server stays
> reasonably secure.
>
> My point is: had the advertising been honest, had it said on the box -
> "looks good, nice spec but open door to hackers" I never would have
> touched it.
>
> In English law a product must be fit to perform the purpose for which it
> is sold. The RAQ4 out of the box is not fit to host websites.
>
>
> __________________________________________
> Simon
>
> _______________________________________________
> cobalt-security mailing list
> [EMAIL PROTECTED]
> http://list.cobalt.com/mailman/listinfo/cobalt-security
