Hi Mike, > There was a quick fury of emails regarding this last week, but I haven't > seen/heard anything since. Does anyone have any updates?
I've been in email contact with two Sun Cobalt technicians (Anthony Placilla & Shaun White) on 26th September and forwarded them all the forensics that I could gather off the compromised ControlStation. I didn't hear back from them once I had sent them everything, so my best guess is they're now working on a fix. I thought about submitting a more detailed writeup to Bugtraq, but I doubt that it would be in everyones best interest. So that's a no-no until Sun Sun has it wrapped up thoroughly. FWIW: I have plugged the hole on my own CS by now and thought about rolling up a PKG. But like always a patch is also sort of a full disclosure and will point the wrong people into a direction which many CS users won't like. After all, most of the CS users might neither be aware of the problem or that an unofficial fix is available. So I rather leave that to Sun and hope that the proper patch is speedily available on BlueLinQ. -- With best regards, Michael Stauber _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
