Re: [cobalt-users] procmail and other GPL source...
- Subject: Re: [cobalt-users] procmail and other GPL source...
- From: "Steve Werby" <steve-lists@xxxxxxxxxxxx>
- Date: Thu Jul 26 06:59:07 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
"Lyle Scheer" <lyle.scheer@xxxxxxx> wrote:
> Steve Werby wrote:
>
> > <baltimoremd@xxxxxxxxxxxxxxx> wrote:
> > > Sounds real nice....and I'd be willing to buy the logic if I hadn't heard
> > > from a reliable source that there is at least one person who is not an
> > > employee of Sun/Cobalt who has access to the back door.
> >
> > A backdoor may exist, then again it may not. I've been active on the cobalt
> > lists since mid-1999 and I have pretty strong RaQ/Linux admin skills (more
> > by need than by choice) and can say I'm not certain there is a remote-access
> > Cobalt-developed back door...and if there is I'm not certain non-Cobalt
> > employees are aware and able to utilize it.
>
> Let's see... I've worked for Cobalt since November of 1997. I was employee
> number 13. I have no knowledge of any backdoor into any Sun Cobalt product nor
> have I any knowledge of any intention of putting in a back door.
Excellent, Lyle. Hopefully this will calm the fears of some list members.
> However, my opinion on any computer system sold by any vendor you choose to
> look at is that as long as it powers on and talks to the outside world, you are
> likely to have security holes.
Of course. And hopefully anyone that administers a server of any kind is
aware of that. I am told some companies offering leased RaQ hosting
services install shell access on a non-standard port and do not allow the
customer to disable it. So there are likely people on list administering
servers with a back door not related to a vulnerability, but at least there
is now a Sun Cobalt employee on-record stating that he has no knowledge of
Cobalt implementing any such back door.
> One of the key tenets of "computer security" is not deluding yourself that such
> a thing actually exists. It's an oxymoron. The best you can ever do is
> minimize your risk.
I suspect most RaQ admins are administering servers which are not hosting
sites of a secret or confidential nature so in that sense the risk is low.
For most RaQ admins it's probably sufficient to implement a sound minimal
security plan that requires little time to implement and maintain along with
a tested backup and recovery system that can restore the server's data and
services should a security breach be encountered. Lyle, thanks for taking
the time to read my email and respond on your own time. It means a lot and
many on this list appreciate the efforts of you and the rest of the long
time Cobalt employees (it's hard for me to say long time, but I did) who
drop in.
--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/