[ISN] Bug hit BIND's makers suggest fee-for-fix model
From: InfoSec News (isn C4I.ORG)
Date: Thu Feb 01 2001 - 17:09:49 CST
http://www.it.fairfax.com.au/breaking/20010201/A18373-2001Feb1.html
Thursday, February 1, 2001, 14:51
By BARRY PARK, FAIRFAX IT
ISC, the company behind the BIND domain name server, has suggested a
fee-based membership forum for early vulnerability warnings after a
number of exploits in its server software were exposed.
In an e-mail sent to a company announcement newslist, ISC said "recent
events" had suggested a need for a fee-based membership forum
consisting of ISC itself, software and hardware vendors that include
BIND in their products, root and TLD name server operators, and "other
qualified parties ... nominated at ISC's discretion".
ISC said in the e-mail that not-for-profit members could have their
membership fees waived.
It said it would enforce the use of PGP, or possibly S/MIME, provide
members with information security training, and bind members to
"strong nondisclosure agreements".
Within an hour of the ISC proposal being publicly listed on the
network security mailing list BugTRAQ, an anonymous poster had listed
a BIND TSIG (translation signature) buffer mismanagement overflow
exploit.
The exploit is one of four that became the subject of a CERT advisory
this week that the network security group said "present a serious
threat to the Internet infrastructure".
ISN is hosted by SecurityFocus.com