[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] Re:Apache Chunked Vulnerability and Cobalt servers

Subject: [cobalt-users] Re:Apache Chunked Vulnerability and Cobalt servers
From: Charlie Summers <charlie@xxxxxxxxxx>
Date: Fri Jun 21 09:41:06 2002
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

At 11:22 AM -0400 6/21/02, Chad is rumored to have typed:

> Psych 101 - Never underestimate the power of denial...

   I, for one, am not in denial. I also refuse to jump up-and-down screaming
that the sky is falling. Panic isn't any better than denial - neither are
productive, both cause more trouble than you had originally.

> Anyone who owns anything with a Cobalt tag on the
> front panel, *IS* vulnerable to the Apache issue...!

   And about six bazillion _other_ issues. This whole DoS thing is terrible,
of course, but geez, guy, there are about a gadzillion _other_ ways of
generating DoS attacks, distributed viral attacks being _much more_ of a fear
than this. There are _much_ easier pre-packaged rootkits your Cobalt is
succeptable to. There are hundreds of ways for a script kiddie to take over
your machine and install his IRC bot on it. The Apache advisory is certainly
a security issue. It is NOT the end of the world, and you have other security
risks in your Cobalt that you don't even know about yet. So calm down, for
heaven's sake. Next time you feel the need to hit the exclaimation point a
few times, think long and hard about it first.

> If you want to do something, start shaking the
> Cobalt/SUN tree and demand if/when they plan on
> releasing updates to Apache for their products, as
> Apache has already released 1.3.26 to address this
> issue two days ago...!!

   Actually, if you want to do something _productive,_ stop shaking trees (or
fists) and ask politely if anything is being done to deal with this issue.
Has anyone bothered to actually contact anyone at Sun and ask if there's
anything in the works? Or are we all too busy running around in little
circles bemoaning how unfair life is?

   Of course, you always have the option of installing 1.3.26 on your
Cobalts, if you'd like. Your GUI will likely break, but hey, let us know how
it goes. I'll risk a DoS on this waiting for a security patch, thanks.

   Panic rarely solves _any_ problem. Screaming even fewer.

         Charlie

Follow-Ups:
- Re: [cobalt-users] Re:Apache Chunked Vulnerability and Cobalt servers
  - From: Steve Bassi
- Re: [cobalt-users] Apache Chunked Vulnerability and Cobalt servers
  - From: Bruce Timberlake
- RE: [cobalt-users] Re:Apache Chunked Vulnerability and Cobalt servers
  - From: Peter Masloch

References:
- [cobalt-users] Apache Chunked Vulnerability and Cobalt servers
  - From: Chad

Prev by Date: [cobalt-users] OT - I Need a Mother Board
Next by Date: Re: [cobalt-users] email question...
Previous by thread: Re: [cobalt-users] Redhat release of Raq3
Next by thread: Re: [cobalt-users] Re:Apache Chunked Vulnerability and Cobalt servers

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index