RE: [cobalt-users] Cobalt to provide compensation for server hack?
- Subject: RE: [cobalt-users] Cobalt to provide compensation for server hack?
- From: "Donna Lever" <webmaster@xxxxxxxxxxxxxxxxxx>
- Date: Sun Feb 18 00:20:00 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
> [mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Rodolfo Paiz
> > I would be interested to hear of any action that anyone has
> > already taken, and/or your views, comments or criticism.
>
> Well, since you ask...
>
> Note that, for your benefit, I've let this email sit for 24 hours
> or so to ensure that I wasn't reacting *too* angrily. Amazingly
> enough, I stand solidly behind what I wrote last night.
>
> > One of our RAQ3 servers was a victim of the recent hack. Has
> > anyone taken up the issue of compensation for this incident
> > with Cobalt? Surely they must be liable as they failed to
> > provide sufficient server protection. We had all patches
> > loaded and security was still compromised.
>
> <NAPALM BOMB snipped>
>
> Please confirm that you have properly installed and configured
> AT LEAST the latest PKG or RPM files for the following
> applications:
>
> * ipchains
> * portsentry
> * logcheck
> * amavis
> * apache
> * sendmail
> * bind
> * qpopper
>
> Latest stable versions, of course.
....and kiss your warranty goodbye. Unfortunately, Cobalt can't
have it both ways - the warranty has to cover the software,
because it's void if you change any of these things as supplied,
or add anything other than their sanctioned updates. What you are
saying here is, in fact, the EXACT opposite of everything Cobalt
insists you do. I'm not a lawyer, but I'm sure there's very likely
a legal argument they haven't shown some kind of duty of care.
(i.e. making the box secure voids the warranty because it's not
sufficiently secure when they hand it over.)

Not that I think everyone should run out and sue Cobalt. What I'd
rather see is the hackers/crackers (and let's add the spammers) or
whatever they like to call themselves severely penalised. Too
often when it comes to internet problems, everyone can't wait to
blame the victims - your fault it was an insecure box, your fault
you were running the wrong version of sendmail/Bind/Apache/FTP,
etc. If your neighbour is burgled, don't forget to tell them it
was their fault because their alarm system and locks obviously
weren't good enough.

It's about time the finger was squarely pointed where it belongs,
with the people compromising these systems.
--
Donna Lever
Smart Artist Web Services
http://www.smartartist.com.au/