Re: [ISN] BIND Flaws Reignite Security Debate

From: InfoSec News (isnat_private)
Date: Tue Nov 19 2002 - 23:57:45 PST

  • Next message: InfoSec News: "[ISN] Osama's Plot to Blow-up the Internet on January 11th"

    Forwarded from: Felix von Leitner <felix-isnat_private>
    
    Thus spake InfoSec News (isnat_private):
    > The ISC told him that they wanted to make sure that the right audience
    > had the patches first.
    
    Am I the only one who thinks this reeks of extortion?
    
    This is by the way not the only questionable behaviour from the BIND
    company; see http://cr.yp.to/djbdns/axfr-clarify.html for a further
    example.
    
    > In an e-mail interview, Brennen said he chose not to pay the fee to
    > join the early announcement list and is now preparing to remove BIND
    > from his environment.
    
    Well, to be fair even the BIND company says BIND 8 sucks and you
    should not used it.
    
    On the other hand, it is used on the root server the ISC houses.  
    Mhh.
    
    I think we as security experts should educate the public that this
    kind of extortion and blackmail is not a sign of trustworthy software
    and should not be tolerated.  After all, not being hold hostage by one
    vendor is exactly the key strength of the open source movement.
    Finally, You have the choice!  Use it wisely!
    
    Felix
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Wed Nov 20 2002 - 02:25:00 PST