Re: [cobalt-users] New SSL Vulnerability ?

["Dave Thurman (Mailing List Email)" <listonly@xxxxxxxxxxxxxxxxxxxx>]

on 9/17/02 8:07 PM, Rick Ewart stated:


> 
> But FWIW, I read a message on the security list that said that the prior SHP
> (Security Hardening Package) helped protect against buffer overflows.
> Someone from Sun (I think - it was late) indicated that those with it
> running would not be vulnerable to the first problem - the
> linux.slapper.worm. Of course I have to presume that one did not completely
> disable the software as a result of the issues with it, but instead set it
> to "no action". He also only listed a few of the newer boxes, which was
> interpreted by someone as "only these boxes", but I think it referred to
> anyone who managed to get it installed as part of the 'pioneer program'. ;)
> 
We have decided to be one of the lurkers when it comes to Sun/Cobalt beta
updates. Been bitten on about the last 4.
> 
> Gotta admit - knowing what the right path to choose is confusing, at
> best.... I knew this day would come eventually... And I thought the round in
> February or so when all the UK boxes got hacked was bad....
> 
> It WOULD BE NICE if someone from Sun could let us know what is up and what
> to expect in terms of patches and all... Not that I am holding my breath...
> 
> Take care all.
> Rick Ewart

We converted our last Raq3 to a Raq4 this morning, waiting on Sun/Cobalt to
decide when to release a patch is too dangerous with times like now. I would
imagine they want to release all at the same time, and are being held up on
the older Raq's. With the users, development and security list here, having
a Raq4 is the way to go. The raq3 is getting less and less attention. We
grabbed a OSRCD from Gerald and they work great.

Just my 2¢, anyone have any change??
-- 
Thanks!!
Dave Thurman
The Web Presence Group / www.webpresencegroup.net
Listonly <at> webpresencegroup.net / Spam Block 8^Q