Re: [[cobalt-users] Server Hacked?]

[Jeff Lasman <jblists@xxxxxxxxxxxxx>]

I'm sorry, Manuel, but I'm sure you realize it would be quite imprudent of 
me to give out this kind of information, the less people that have it the 
better.

However, suffice it to say that you probably haven't implemented the fix to 
the majordomo exploit announced about a month ago.

And even if you have, don't think there aren't others.

And I'm nowheres near the best.  To be honest with you, I've never cracked 
a system. What I do is keep up on security, and constantly try exploits 
against my own systems.

The RaQ is NOT the most secure solution out there, but it's a reasonable 
trade-off.  The biggest weakness is that it comes, out of the box, with 
telnet running.

Unix itself isn't the most secure solution out there, btw <smile>, but you 
knew that.

In case anyone's planning to take me up on the offer, it was actually made 
tongue-in-cheek; I don't want to try to break into anyone else's 
system(s).  The liability is too great.

Jeff

At 11:20 PM 2/14/00 +0100, you wrote:
> > Let me have a telnet account on any of your Cobalt servers.
> >
> > Give me written permission to destruct-test your system for
> vulnerabilities.
> >
> > Give me ten minutes.
> >
> > I promise you'll have a system with a blank hard disk.
> >
> > That's a promise.
>
> Jeff,
>
> I would be interested in how you would like to do that (but I think it would
> be better not to give you telnet access :-)))
>
> If you would like, show me how you are doing this...

--
Jeff Lasman <jblists@xxxxxxxxxxxxx>