Re: new bind vuln

[Andrew Brown <twofsonet () graffiti com>]

> > Haven't seen mention of this yet today and DNS affects most everyone in
> > some way. The advisory was released a day early according to FreeBSD
> > security officer.
> ...
>       Actually, I'll take that back...  The FreeBSD security officer
> was "Notified this morning by CERT.  The notification indicated that ISS
> would go public tomorrow (not today)...".  So it's unclear as to who
> was suffering from optical rectitus, the FreeBSD dude or CERT.  If
> he received the notification in the morning, was it sent the prior
> evening and he didn't get the time jump across midnight, or did CERT
> suffer from a similar brain fart (opppsss...  Is that a banned word?).
> IAC...  The advisory was negotiated and agreed upon between ISS and ISC
> (who was notified by ISS on Oct 25).  It went out as agreed upon and as
> scheduled and as CERT was notified of.  You figure out where the dain
> bramage lay...

what i saw led me to believe that the cert people probably stayed up
really late getting the advisory out and didn't realize that it was
past midnight when they sent their warning to vendors.  i'm told the
following header was in the message.

        Date: Tue, 12 Nov 2002 01:11:44 -0500

combine that with the fact even people who are security-officers for
various vendors just aren't likely to leap out of bed at 7am (local
time, not gmt-0500) and quickly go scan their email for the not
terribly regular pronouncement of a real security problem.

what it comes down to is that the word "tomorrow" is highly
inaccurate.  specific dates and/or times are better, perhaps even with
reference to a specific time zone, if you wish to be that particular.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior () daemon org             * "ah!  i see you have the internet
twofsonet () graffiti com (Andrew Brown)                that goes *ping*!"
werdna () squooshy com       * "information is power -- share the wealth."