OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
John.Airey_at_rnib.org.uk
Date: Fri Nov 15 2002 - 04:03:57 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Glen Bishop (glenglenbishop.com) posted this link to Bugtraq earlier today:

    http://www.isc.org/products/BIND/patches/

    There are only unified diffs available, rather than a new package version,
    which I find rather incredible. In fact, the disclosures by ISS and ISC have
    been farcical, more akin to a hoax virus alert than a genuine security
    alert.

    I recognise that ISC does need financing, and therefore has set up what is
    basically a private members club for updates. I also recognise how vital
    that the root name servers and ccTLD servers are patched first (rather
    worringly, the ISC says the root name servers and TLD servers have to be
    patched first. Unless the DNS protocol has been rewritten overnight, these
    are the same servers).

    However, there comes a point where it is necessary to release both the
    details of the vulnerability AND the patch at the same time. The only
    conclusion I can make is that this is a cynical ploy to force an upgrade to
    BIND 9, a tactic used much more by a certain company based in Redmond,
    Seattle, WA.

    -
    John Airey, BSc (Jt Hons), CNA, RHCE
    Internet systems support officer, ITCSD, Royal National Institute of the
    Blind,
    Bakewell Road, Peterborough PE2 6XU,
    Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Aireyrnib.org.uk

    If we could learn one thing from September 11th 2001, it would be the utter
    absurdity of moral relativism.

    -

    NOTICE: The information contained in this email and any attachments is
    confidential and may be legally privileged. If you are not the
    intended recipient you are hereby notified that you must not use,
    disclose, distribute, copy, print or rely on this email's content. If
    you are not the intended recipient, please notify the sender
    immediately and then delete the email and any attachments from your
    system.

    RNIB has made strenuous efforts to ensure that emails and any
    attachments generated by its staff are free from viruses. However, it
    cannot accept any responsibility for any viruses which are
    transmitted. We therefore recommend you scan all attachments.

    Please note that the statements and views expressed in this email
    and any attachments are those of the author and do not necessarily
    represent those of RNIB.

    RNIB Registered Charity Number: 226227

    Website: http://www.rnib.org.uk
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html