Just one site. You used to be able to buy a wildcard cert from them as well. you need to email them for the info though.
regards Lee ----- Original Message ----- From: "Bill McToy" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, August 18, 2002 5:52 AM Subject: [cobalt-security] Re: OT: SSL Certs > Lee, > Is the certificate for the entire server or just one site? > > Bill > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of > [EMAIL PROTECTED] > Sent: Saturday, August 17, 2002 12:00 PM > To: [EMAIL PROTECTED] > Subject: cobalt-security digest, Vol 1 #882 - 10 msgs > > > Send cobalt-security mailing list submissions to > [EMAIL PROTECTED] > > To subscribe or unsubscribe via the World Wide Web, visit > http://list.cobalt.com/mailman/listinfo/cobalt-security > or, via email, send a message with subject or body 'help' to > [EMAIL PROTECTED] > > You can reach the person managing the list at > [EMAIL PROTECTED] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of cobalt-security digest..." > > > Today's Topics: > > 1. Re: OT: SSL Certs (Up The Blues) > 2. RE: OT: SSL Certs (Bradley Caricofe) > 3. RE: OT: SSL Certs (craig) > 4. RE: OT: SSL Certs (njd76) > 5. Re: Security Hardening Update 2.0.1 MAJOR FLAW!!!!!! ACTION > REQUIRED! (Zeffie) > 6. Re: Security Hardening Update 2.0.1 MAJOR FLAW!!!!!! ACTION REQUIRED! > (Zeffie) > 7. Re: Security Hardening Update 2.0.1 MAJOR > FLAW!!!!!! ACTION REQUIRED! (Mailing Lists) > 8. Re: Security Hardening Update 2.0.1 MAJOR FLAW!!!!!! ACTION > REQUIRED! (Zeffie) > 9. Re: Security Hardening Update 2.0.1 MAJOR FLAW!!!!!! ACTION > REQUIRED! (Michael Stauber) > > --__--__-- > > Message: 1 > From: "Up The Blues" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Subject: Re: [cobalt-security] OT: SSL Certs > Date: Fri, 16 Aug 2002 20:11:44 +0100 > Reply-To: [EMAIL PROTECTED] > > Try Geotrust. > > > Cheap and works well. > > regards > > Lee > > > ----- Original Message ----- > From: "Chris Burchell" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, August 16, 2002 3:55 PM > Subject: [cobalt-security] OT: SSL Certs > > > > I'm looking for an inexpesive option for obtaining an SSL certificate. > > > > So far, I see: > > > > Thawte - 1 year: $200 > > VeriSign - 1 year: $400 > > IPSCA - 2 years: $69 > > > > > > I'm inclined to go with a name like Thawte, but has anyone had experience > with certs from IPSCA? > > > > Are there any other relatively inexpensive places to buy SSL certs? > > > > Regards, > > Chris > > _______________________________________________ > > cobalt-security mailing list > > [EMAIL PROTECTED] > > http://list.cobalt.com/mailman/listinfo/cobalt-security > > > > > --__--__-- > > Message: 2 > Date: Fri, 16 Aug 2002 16:59:03 -0400 > From: Bradley Caricofe <[EMAIL PROTECTED]> > Subject: RE: [cobalt-security] OT: SSL Certs > To: [EMAIL PROTECTED] > Reply-To: [EMAIL PROTECTED] > > > I'm looking for an inexpesive option for obtaining an SSL certificate. > > > > So far, I see: > > > > Thawte - 1 year: $200 > > VeriSign - 1 year: $400 > > IPSCA - 2 years: $69 > > I've tried a couple from RackShack.net for $50 and they work great. > > -Brad > > --__--__-- > > Message: 3 > Date: Sat, 17 Aug 2002 09:27:24 +1200 (NZST) > From: craig <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: RE: [cobalt-security] OT: SSL Certs > Reply-To: [EMAIL PROTECTED] > > > > I'm looking for an inexpesive option for obtaining an SSL certificate. > > > > > > So far, I see: > > > > > > Thawte - 1 year: $200 > > > VeriSign - 1 year: $400 > > > IPSCA - 2 years: $69 > > > > I've tried a couple from RackShack.net for $50 and they work great. > > > There is also > instantssl.com > freessl.com > > most of the cheaper ones only work with IE 5.01 x and above and NE 4.7 and > above > > > > > --__--__-- > > Message: 4 > From: "njd76" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Subject: RE: [cobalt-security] OT: SSL Certs > Date: Fri, 16 Aug 2002 17:51:48 -0400 > Reply-To: [EMAIL PROTECTED] > > Great site I found that compares them all for you. > www.whichssl.com > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of craig > Sent: Friday, August 16, 2002 5:27 PM > To: [EMAIL PROTECTED] > Subject: RE: [cobalt-security] OT: SSL Certs > > > > I'm looking for an inexpesive option for obtaining an SSL > certificate. > > > > > > So far, I see: > > > > > > Thawte - 1 year: $200 > > > VeriSign - 1 year: $400 > > > IPSCA - 2 years: $69 > > > > I've tried a couple from RackShack.net for $50 and they work great. > > > There is also > instantssl.com > freessl.com > > most of the cheaper ones only work with IE 5.01 x and above and NE 4.7 > and > above > > > > _______________________________________________ > cobalt-security mailing list > [EMAIL PROTECTED] > http://list.cobalt.com/mailman/listinfo/cobalt-security > > --__--__-- > > Message: 5 > From: "Zeffie" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Subject: Re: [cobalt-security] Security Hardening Update 2.0.1 MAJOR > FLAW!!!!!! ACTION REQUIRED! > Date: Sat, 17 Aug 2002 03:17:47 -0400 > Reply-To: [EMAIL PROTECTED] > > > Like the man says, just disable logging/emails > > > > I am sure it will just be a remotely exploitable filelimit / email ddos, > > > > Each scan will result in an admin email, do enough scans form enough > > simulated host in such a short period, and the box will die due to > > number of concurrent open emails / drain on resources sending them.. > > you are incorrect sir... > > > I could be wrong tho.. :) > > you are :) > > Zeffie > http://www.zeffie.com/ > > > > --__--__-- > > Message: 6 > From: "Zeffie" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Subject: Re: [cobalt-security] Security Hardening Update 2.0.1 MAJOR > FLAW!!!!!! ACTION REQUIRED! > Date: Sat, 17 Aug 2002 05:15:49 -0400 > Reply-To: [EMAIL PROTECTED] > > > > The recent RaQ4-en-Security-2.0.1-SHP.pkg allows a remote attacker to > > > cause system crashes. To avoid this I suggest you disable the Scan > > > Detection in Parameters by selecting "do nothing". Else you might not > be > > > happy... > > > I have written a small script that can reproduce the problem > consistently. > > > I don't seem to be able to find any way to contact Sun cobalt about > this. > > > what to do? maybe a whitepaper advert?? > > > Sun Cobalt Please Call or contact me > > Email Shaun White ([EMAIL PROTECTED]) - he's in charge of security > > stuff, and runs cobalt-security list as well... > > Bruce Timberlake > > Cobalt/Linux Technology Engineer > > Communications Market Area > > Sun Microsystems, Inc. - San Diego > > done. > I have ask Shaun to let me know that he has received it. > > Zeffie > http://www.zeffie.com/ > > > > --__--__-- > > Message: 7 > Date: Sat, 17 Aug 2002 07:38:30 -0500 > Subject: Re: [cobalt-security] Security Hardening Update 2.0.1 MAJOR > FLAW!!!!!! ACTION REQUIRED! > From: Mailing Lists <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED] > > on 8/17/02 2:17 AM, Zeffie stated: > > >> Like the man says, just disable logging/emails > >> > >> I am sure it will just be a remotely exploitable filelimit / email ddos, > >> > >> Each scan will result in an admin email, do enough scans form enough > >> simulated host in such a short period, and the box will die due to > >> number of concurrent open emails / drain on resources sending them.. > > > > you are incorrect sir... > > > >> I could be wrong tho.. :) > > > > you are :) > > > > Zeffie > > http://www.zeffie.com/ > > > What is the issue with SHP installed on the Raq4's??? > > Dave > > > --__--__-- > > Message: 8 > From: "Zeffie" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Subject: Re: [cobalt-security] Security Hardening Update 2.0.1 MAJOR > FLAW!!!!!! ACTION REQUIRED! > Date: Sat, 17 Aug 2002 13:06:16 -0400 > Reply-To: [EMAIL PROTECTED] > > > > Well, theoretically it is not impossible to save all replaced files in a > > > safe place (== directory unique to this package), together with > > > checksums of _replacing_ files. Then the uninstaller could restore the > > > files from backup, and do it only if they where not replaced by yet > > The underlying OS on the Cobalt's is an RPM based Linux distribution. You > > install and uninstall RPM packages at leizure - as often as you want. > > Ok, lets say we install the package Neomail-1.20-1.PKG which contains the > > file neomail-1.2.5-1.noarch.rpm. When you install a PKG file (which > > one or more RPMs), then the RPMs are deleted after installation as they > > no longer needed. That's a standard procedure of the PKG installation > > With "rpm -ql neomail-1.2.5-1" you can query which files it brought aboard > > where they are on the system. However, you cannot (reasonably) recreate > > neomail-1.2.5-1.noarch.rpm and tuck it away as backup. The PKG file with > > which we installed it is gone and also the RPM which it contained has been > > erased automatically after or during the installation. > > Actually you could... and in some cases it's good to backup your configs > depending on who and how the rpms where built. > > > Lets spin this thought further > Oh my head! > > Now we install a newer PKG file of the same software: Neomail-1.20-2.PKG > > It contains neomail-1.2.5-2.noarch.rpm and upon installation it replaces > > files which the older neomail-1.2.5-1.noarch.rpm brought aboard. > > Lets assume we don't like the new Neomail and want to go back to the old > > But even if we backed up all files of the old neomail-1.2.5-1.noarch.rpm > > copy 'em back to where they belong: The RPM database still will claim that > > the newer RPM neomail-1.2.5-1.noarch.rpm is installed. > > that's because we don't do things like that. We would just reinstall the > old rpm. If for some reason we can't move forward. which doesn't happen > often because of the ways we build things. (me anyway) > > > So although the original functionality could be restored by a smart and > > automated uninstaller, it wouldn't restore the server to the same exact > > condition, as the RPM database still claims otherwise. Unfortunately the > > RPM > > database is usually the authority which an installer queries to find out > > it's OK to go ahead with an installation or not. > > For unimportant stuff like Nemail this is of no consequence, but for > > critical > > stuff like Apache, Sendmail, Qpopper, IMAP and so on it's a different > > there is no diffrence. you should still manage all files on a system. . > > > The resolution would be: > > If an installer replaced an existing (older) RPM, then a proper and > > complete > > uninstall has to reinstall the old RPM which previously was aboard. But > > where > > do you get it from when RPMs are always deleted after PKG installation? > > well thats what we have ftp sites for. :) > Granted that Sun.Cobalt does not have a location where we can get current > rpms and srpms. > grrrrrr > > ak > > It could be remotely downloaded from the internet and then installed. > > ftp.cobalt.com contains the RPMs which a stock and unpatched RaQ usually > > aboard. That would be one possibility in case were third party software > > installs RPM which replace system services. Or an uninstaller could > > download > > and (partially or completly) re-install the official Sun Cobalt PKG which > > contains the replaced RPM file in such a case. > > not really because there are scripts inside of rpms and like a program there > is an order to these things.. > > <snip> > > > FWIW: Windows 2000 Service Pack 3 can't be uninstalled either. ;o) > > Michael Stauber > > Unix/Linux Support Engineer > > Ok I'm starting to see the problem. But I knew it the first time I saw your > work. :) This is not windows. > Things work much different here.. In the development of rpms we have the > ability to verify how things are building through simple testing before > installing on production machines and then we are installing the same exact > thing. We don't do ./configure make make install all over. There is rarely > a need at all to uninstall things... Unlike MS we build things correctly > and maintain various versions. Which sometimes can make it into > production... but only after development on devel boxes. > > There are reasons for all this rpm fun. > > Zeffie > http://www.zeffie.com/ > "Windows 2000 Support Engineer" (not) > > > > --__--__-- > > Message: 9 > From: Michael Stauber <[EMAIL PROTECTED]> > Organization: SOLARSPEED.NET > To: [EMAIL PROTECTED] > Subject: Re: [cobalt-security] Security Hardening Update 2.0.1 MAJOR > FLAW!!!!!! ACTION REQUIRED! > Date: Sat, 17 Aug 2002 19:35:51 +0200 > Reply-To: [EMAIL PROTECTED] > > Hi Zeffie, > > > that's because we don't do things like that. We would just reinstall the > > old rpm. > > EXACTLY. ;o) That's how do do it properly. That's how you and I and a few > others would do it. > > The whole point I was trying to make with my previous message was about > that. > You can't reasonably put that much logic in an installer that it in all > cases > allows you to go back all the way if something fails. In some cases you can > do it, but not in all. > > > If for some reason we can't move forward. which doesn't happen > > often because of the ways we build things. (me anyway) > > Same here. > > > Granted that Sun.Cobalt does not have a location where we can get current > > rpms and srpms. grrrrrr > > Yeah, I also agree that this would make life a whole deal easier if it were > otherwise. :o( > > > > Or an uninstaller could download > > > and (partially or completly) re-install the official Sun Cobalt PKG > which > > > contains the replaced RPM file in such a case. > > > > not really because there are scripts inside of rpms and like a program > > there is an order to these things.. > > If you'd do an uninstaller that way, then you'd have to take that into > account, of course. But in most cases the scripts in the RPM are very well > needed, so that's not a problem. If it is, then there is always the > --noscripts parameter of the RPM command. > > > > FWIW: Windows 2000 Service Pack 3 can't be uninstalled either. ;o) > > > Ok I'm starting to see the problem. But I knew it the first time I saw > > your work. :) This is not windows. > > You don't know anything about me, dear colleague. I'm a Linux man trough and > through. The only thing I use Windows for is for accounting and for web- and > image design. > > > In the development of rpms we have the ability to verify how things are > > building through simple testing before installing on production machines > and > > then we are installing the same exact thing. > > You're preaching to the choir, so please turn around if you want to continue > your lecture. ;o) > > I was using that analogy just to show that even in the Windows world (to > which > so many others are used to) a clean uninstall is sometimes not possible. > "Clean" and Windows are contradicting terms anyway <shrug>. > > > There are reasons for all this rpm fun. > > I wouldn't exactly call it fun, especially not after porting 20 RPMs from > the > Qube3 to the RaQ550, which is what I did the last two days. > > -- > > With best regards, > > Michael Stauber > [EMAIL PROTECTED] > Unix/Linux Support Engineer > > > > --__--__-- > > _______________________________________________ > cobalt-security mailing list > [EMAIL PROTECTED] > http://list.cobalt.com/mailman/listinfo/cobalt-security > > > End of cobalt-security Digest > > > _______________________________________________ > cobalt-security mailing list > [EMAIL PROTECTED] > http://list.cobalt.com/mailman/listinfo/cobalt-security > _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
