Re: [cobalt-users] recents hacks CERT # 25583

["Carrie Bartkowiak" <ravencarrie@xxxxxxxx>]

> Ok after a few hacks and a rehack I go in toutch with CERT, they are aware
of
> the vunerability, but were not aware that so many Cobalts owners had to
deal
> with this...

Are they aware that *thousands* of people using those same versions of BIND
and ProFTPd have had to deal with this?
I'm sure they are.

> I want the law to look at this,

Why?!?  This is an issue with the above two programs, not with the Cobalt.
Don't you people get it yet?

> but they won't take up a case unless there is
> $10,000 + provable damage.   Now lets assume we use Cobalt Pro Services to
> restore my machine,  and they are as slow as I am, the cost to redo a
machine
> is $1,500 throw in the pop and pizza and I am not close to this.
>
> Anybody else who was hacked and will email his name etc..so that
collectively
> we are over $10,000 and the man in black coats and sunglasses will look
into
> this...

*sigh*
So let's say you've lost $1,500. And 'pop and pizza'.
Do you know what that really is in terms of business?  Nothing.
Write it off as a loss.
This is not because you're running a Cobalt. This is NOT Cobalt's fault.

Back in '98 I was on a WinNT server with Verio running iChat software. You
know, the really cool chat software that Yahoo *used* to use?
Well I had a chat site too. When Yahoo switched to their own chat software,
lots of people who wanted to stick with the iChat flocked to two places -
iVillage and my site.
Some little script kiddie got a hold of the iChat server software and ripped
it apart until he found a way to enter an iChat site and take it over. He
went around to every iChat site he could find and did this. iChat couldn't
catch him because by the time the chat site owner would call them up
screaming, he'd have already wiped out all of the admins and he'd be in full
control. iChat had 6 technicians chasing this kid around a chat site for 6
hours one time and they still couldn't pin him down.
Finally script kiddie got to my site. He was ripping out my admins one by
one, taunting them.  They ICQ'd me and told me what was happening. I logged
straight into the iChat administration and shut the chat server down rather
than trying to fight him and keep him out. Because I did that, I lost a lot
of chatters. My site was down for a *long* time while Verio and iChat tried
to clean things up and make it so he couldn't get back in. My logs were
intact (he hadn't gotten around to wiping them yet) and I was able to get
his IP.

You know who I blamed for this?
It wasn't iChat.
It wasn't Verio.
It was the script kiddie.

HE is the one who hacked into my site and chat server.  HE is the one I
called the FBI about. HE is the one I called his ISP about. And HE is the
one who got in a lot of trouble for all of these chat sites having all of
these problems.

Now, call me insane if you want to, but I didn't sue anybody.
I didn't sue iChat for making software that someone had found a hole in. I
didn't sue Verio for not giving me a server that couldn't be broken into. I
knew that both of those things were impossible to do completely and that it
was NO ONE'S fault but that hacker's that my chat site was down and I lost
revenue and chatters.

This is the SAME thing.
Blame the people who are responsible for this - the hackers, NOT Cobalt or
the people who wrote BIND and ProFTPd!!

And I'll tell you something - if you want a server that is completely
secure, that you don't have to worry about or bother with updating to the
latest releases and patches - you'd better pour it into a block of concrete
and drop it in the ocean. Because that is the ONLY way that you'll be able
to have a server that's invulnerable.

But I suppose if you did that and the concrete block cracked when it hit
bottom and some salt water got in there and ruined the motherboard, you'd
come sue me for telling you to do it.

Ridiculous. Truly.
CarrieB