[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re:[2] [cobalt-users] Bind Hack
- Subject: Re:[2] [cobalt-users] Bind Hack
- From: Rik Thomas <rikt@xxxxxxxxxxxx>
- Date: Fri Feb 9 16:21:00 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
> Hi Carrie !
>
> Your mail gave me a real warm feeling !!! Since that was exactely what I thougt.
> No - you are not the only paranoid person out there ;-)
>
> What I did was sending them an e-mail and starting a discussion with one of their
> technicians. And from the answers I could feel that they are pretty pissed by that
> thing. So I assumed that it is a real thing ... and I installed the patch.
>
> The package they delivered came from their server and it would be a real big
> hack, if that was compromised too.
>
> I checked everything now, changed passwords - we'll see.
>
> What I really want to know is, in which way the system was compromised. They
> sure took the passwords, but what else. What should I do now ? Doing as if
> nothing happened ? How would I know if a little trojan is now sitting somewhere ?
>
> Hrgrrrrrrr ! As if I was sitting around only fumbeling my balls ...
>
> It's after midnight now - time for a little break.
> Happy Weekend ;-)
> Thomas
>
> P.S.: Thanx to everybody else who helped with an answer. I really appreciated it !!!
If you are looking for evidence of the bind hack on your system, look
for a directory call /usr/src/.puta Found that directory on a few
clients machines.
--
Rik Thomas CTO rikt@xxxxxxxxxxxx | I must desire, not to be
Delaware.Net, Inc. http://www.delaware.net | what I am not, but to be
P:302.736.5515 F:302.736.5945 ICQ:879956 | very truly what I really
$20 Domains!!! http://register.delaware.net | am.