Re: [cobalt-users] Raq3 admin & root passwords

[jk@xxxxxxxxxxxx (Jens Kristian Søgaard)]

"Michael Zimmermann" <zim@xxxxxxxx> writes:

> > > Is the root password different than the admin password?
> > It's normally the same.

> If this is so, change it.

You do know, that the Cobalt interface requires those two to be the
same? (as long as you only want to use their interface for setting
passwords)

> While being online for some time tonight, it came to my attention,
> that two of the RaQs of members of this list have been severely
> hacked. Both admins used telnet to connect and work as root.
> A coincidence? I don't think so. An other secuity hole than

I think so. Unencrypted telnet is not as large a security hole as you
may think.

You need more information to draw the conclusion you do. The trouble
about using telnet unencrypted is mostly due to these two risks:

        1. People on your LAN snopping the password.

        2. People on the server's LAN snooping the password.

For most people number 2 is not a problem.

So you should look at number 1 -- is that a problem is this case?

If not, then it's very unlikely to be a snopping problem, that got
their machines cracked.

Rather go look at some of the weird security updates that Cobalt has
sent out. Were they all updated?

> telnet? Perhaps, but it's a fact, that this telnet-window was
> left open on both hacked machines.

So you say that someone _hi-jacked_ a connection?

Very, very unlikely when we are talking Linux machines (that has very
unpredictable seq-numbers)


-- 
Jens Kristian Søgaard,
jk@xxxxxxxxxxxx -- http://www.jksoegaard.dk/
Søger du noget? -- http://www.google.com/
echo|perl -ple'$_+=4E-6*!int rand()**2+rand()**2while$i++-1E6'