[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] next question

Subject: Re: [cobalt-users] next question
From: flash22@xxxxxxx
Date: Sun Jan 6 16:30:09 2002
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

On Sun, 6 Jan 2002, root wrote:

> I had a new-hire working on my qube 3 last evening setting up an email 
> server, and I caught him doing something with a program called pg.  How do I 
> know if my server now has a backdoor?  What kind of security measures do you 
> all recommend for the qube?  I looked up pg, it's an sql client, and I found 
> that an older version has a built in exploit that collects passwords in 
> conjunction with apache.  Should I be worried about this, or am I just being 
> too paranoid?

You are posting email using the root account from a adsl machine, and only
now wondering if you should be more paranoid? ;P

The short answer is, you have NO way of knowing if someone you let into
your machine installed anything, so don't let people work on it that you
don't explicitly trust.

As to what security measures, you had one, you gave it away , you let
him have the keys to the machine ;P

gsh

References:
- [cobalt-users] next question
  - From: root

Prev by Date: [cobalt-users] RaQ2 Hacked - sshd vulnerability?
Next by Date: Re: [cobalt-users] gui question
Previous by thread: [cobalt-users] next question
Next by thread: Re: [cobalt-users] next question

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index