Hi Chuck,

On Thu, 27 Jan 2000, Chuck Pitre - Technical Support wrote:

> Needless to say that was scary :)
> anyhow I rather feel embarrassed about this one (actually I can't believe
> I didn't think of it myself)
>
> I've pasted his email to me below. I have not yet attempted to duplicate
> the bug.

Well, this is not a new thing. Actually, from a test I conducted on the Cobalt QUBE2 machine, it suffers from serious security flaws. For example, the web GUI interface, once initiated with the admin password, would remember the station you entered from. Thus, if you don't close your browser, and you change sites, someone can come to your machine, punch up the QUBE2 admin site, and voilà, instant admin.

Another matter was the fact that the QUBE2 isn't SSL managed, which made it very simple for me to go and sniff the passwords out on the network :-)

I don't want to start commenting on the 2.0.31 kernel that is installed on this R4000 based machine, but hey, this is not the place. I guess we all know about flaws in the Linux 2.0.31 kernel.

In any case, if you are using the RAQ2 and RAQ3 products, and you have more information available, please send it over ASAP. Our company is at the edge of choosing a Linux platform for V-Hosting, and we would like to hear from people already using it.

Best regards,
Nir Simionovich
artNET Experts, Ltd.
Security & Systems Consultant
Israel
http://www.artnet.co.il
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:32:14 PDT