nanog mailing list archives
Re: Reasons why BIND isn't being upgraded
From: Patrick Greenwell <patrick () cybernothing org>
Date: Fri, 2 Feb 2001 11:13:56 -0800 (PST)
On Fri, 2 Feb 2001, Bill Woodcock wrote:
On Fri, 2 Feb 2001, Patrick Greenwell wrote: > By the same token one might argue that atempting to hide vunerabilities > to those paying you for "early warnings" doesn't help at all. Not at all... If you're trying to hide a vulnerability by lying about your version number, that presupposes generally-held knowledge of an association between a vulnerability and a version number. "Early warning" is specifically a means of delaying the general availability of knowledge of that association.
Which leaves those that have not been informed of such vunerabilities acutely vunerable. Script kiddies may be stupid, but the people writing the program that they utilize generally aren't. Without rehashing the whole "open-disclosure" vs. "non-disclosure" arguments related to security issues in software, or the historically extreme inadequacies of CERT in offering timely notification of ANY security-related issues, it's very disappointing to see ISC resort to a fee-based, non-public-disclosure-at-the-time-of-discovery, NDA'd and "we'll update people via CERT" method of dealing with the community they have served for so long. I would have hoped by now that lists such as Bugtraq would have adequately exhibited the folly of such methodologies. Obviously that is not the case.
Current thread:
- Re: [NANOG] Re: Reasons why BIND isn't being upgraded, (continued)
- Re: [NANOG] Re: Reasons why BIND isn't being upgraded Jim Mercer (Feb 24)
- Re: Reasons why BIND isn't being upgraded Greg A. Woods (Feb 24)
- Re: [NANOG] Re: Reasons why BIND isn't being upgraded Pim van Riezen (Feb 24)
- Re: [NANOG] Re: Reasons why BIND isn't being upgraded J Bacher (Feb 24)
- Re: Reasons why BIND isn't being upgraded Greg A. Woods (Feb 24)
- Re: Reasons why BIND isn't being upgraded Paul Vixie (Feb 24)
- Re: Reasons why BIND isn't being upgraded Adam McKenna (Feb 24)
- Re: Reasons why BIND isn't being upgraded Greg A. Woods (Feb 24)
- Re: Reasons why BIND isn't being upgraded Patrick Greenwell (Feb 24)
- Re: Reasons why BIND isn't being upgraded Bill Woodcock (Feb 24)
- Re: Reasons why BIND isn't being upgraded Patrick Greenwell (Feb 24)
- Re: Reasons why BIND isn't being upgraded Joe Rhett (Feb 24)
- Re: Reasons why BIND isn't being upgraded Patrick Greenwell (Feb 24)
- Re: Reasons why BIND isn't being upgraded Kevin Oberman (Feb 24)
- Vixie doing his part to make people upgrade (was:Re: Reasons why BIND isn't being upgraded) mdevney (Feb 24)
- Re: Vixie doing his part to make people upgrade (was:Re: Reasons why BIND isn't being upgraded) Mikael Abrahamsson (Feb 24)
- Re: Vixie doing his part to make people upgrade (was:Re: Reasons why BIND isn't being upgraded) Stephen Stuart (Feb 24)
- Re: Vixie doing his part to make people upgrade (was:Re: Reasons why BIND isn't being upgraded) alex (Feb 24)
- Re: Vixie doing his part to make people upgrade (was:Re: Reasonswhy BIND isn't being upgraded) Steve Sobol (Feb 24)
- Re: Vixie doing his part to make people upgrade (was:Re: Reasonswhy BIND isn't being upgraded) Henry R. Linneweh (Feb 24)
- Re: Vixie doing his part to make people upgrade (was:Re: Reasons why BIND isn't being upgraded) Steve Rubin (Feb 24)
- Re: Reasons why BIND isn't being upgraded Adam McKenna (Feb 24)