RE:[2] [cobalt-users] Cobalt to provide compensation for server hack
- Subject: RE:[2] [cobalt-users] Cobalt to provide compensation for server hack
- From: RaQ3 <cobalt@xxxxxxxxxxx>
- Date: Sat Feb 17 03:49:02 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
"Vachon, Scott" <Scott.Vachon@xxxxxxxxxxxxxx> wrote on 16.02.01 19:13:24:
>
>>Has anyone taken up the issue of compensation for this incident with
>>Cobalt? Surely they must be liable as they failed to provide
>>sufficient server protection. We had
>>all patches loaded and security was still compromised.
>
>You are kidding right ? Do you sue an auto maker because you locked
>your car but, it was still stolen ? What protections (firewalls, IDS,
>etc) did YOU build into your network ? I think the due diligence falls
>on your company, for protection of the network.
Hi Scott !
I am not thinking about going to court with Cobalt. But at the end it
is not THAT obvious when you look at it:
If we stay in your picture. Assume you had an auto maker who would not
make good locks for the car. But only simple ones that could be
compromised easily since they are not keeping up with technical
development ... ;-)
The Cobalts are made for a target customer group that is not very
familiar with Linux and Webservers. I guess most people buy/lease one
to have a machine and no problems.
When you look at it that way it means, that the supplier has to have the
updates VERY current because the normal customer is not able to seek
for any security holes, find the patches and install it from scratch.
(That is why he bought a Cobalt and paid more for it).
But that's not all:
If you went the security way yourself then you had to install patches
that would break your warranty ! So - what to do ?
Breaking the warranty or waiting for Cobalt and the .pkg ?!
If anyone from Cobalt is reading this (sure there is someone) then you
should think about it some more. What I really miss is a utility that
can check a whole RaQ / Qube for traces of a hack and restore the good
files. You guys have to understand that it is not done with the words:
'I think you should rebuild it from scratch.', because:
1.: There are many customers who lease a Cobalt at a CoLo. Rebuilding
from scratch will cost a few hundred dollars !
2.: The next week or so you spend your nights on rebuilding all the
sites and users.
3.: You have to tell all your customers that you were hacked ! Since
the people who changed their e-mail-pwds will not get their mail ...
Think about one thing: Now you have a customer. You paid a lot of
money for advertising and fairs and stuff to get him - Good.
But - what will he buy next time ? A Cobalt again ? Or anything else..
I would like to hear a word from Cobalt on these points...
Thomas
--
InternAd.de
Internet Advertising
Thomas Prosi
tp@xxxxxxxxxxx