[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-users] Re: HACKED! Unable To TELNET in to RAQ3 as adm in or any other user!!!
- Subject: RE: [cobalt-users] Re: HACKED! Unable To TELNET in to RAQ3 as adm in or any other user!!!
- From: Brandon Wheaton <brandonw@xxxxxxxxxxxx>
- Date: Sat Feb 10 14:20:02 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
> -----Original Message-----
> From: Eddie Jones [mailto:ejones@xxxxxxxxxxx]
> Sent: Thursday, February 08, 2001 2:46 AM
> To: cobalt-users@xxxxxxxxxxxxxxx
> Subject: [cobalt-users] Re: HACKED! Unable To TELNET in to
> RAQ3 as admin
> or any other user!!!
>
>
> This is the response I got from Support.
>
> Eddie-
> Sorry to take so long to get to you... you are not
> alone... this was caused by a hacker who has done the exact
> same thing to other cobalt's like yours. I am attempting to
> get them all fixed, but I will need your IP and admin password
> in order to help.
> Regards,
>
> Dedicated Hosting
> Support Technician
>
> My services are not back yet
>
> I wonder what security fix opened this door? Or will close it?
>
Hi.
I think it is EXTREMELY important to note here that you should
not give out your login information to someone calling and
claiming to be a Cobalt technician who wants to get in and
check out your system for any reason. If you initiate the
call to Cobalt and they request your password, you should
change your password, give them the new one and change it
again after they are finished. If the techs are as careless
with people's admin passwords as they are with QA we could
have huge problem on our hands.
I have had a couple of people mention that "Cobalt" had
made unsolicited calls them to say that they wanted their
admin password so they could get in and make sure they were
not vulnerable to the latest BIND hack. These people are not
so gullible and basically told the person on the other end
of the phone to have sex with themselves (in not so many
words) and called Cobalt to verify that their techs did
not actually call.
Be aware and do not fall victim to "social engineering" ;^)
Take care.
Brandon Wheaton
UNIX Systems Engineer
ValiCert, Inc.
1215 Terra Bella Ave.
Mountain View, CA 94043
650.280.UNIX
----
Sure UNIX is user friendly; it's just picky about who its friends are.