Information Security News mailing list archives
Bug hit BIND's makers suggest fee-for-fix model
From: InfoSec News <isn () C4I ORG>
Date: Thu, 1 Feb 2001 17:09:49 -0600
http://www.it.fairfax.com.au/breaking/20010201/A18373-2001Feb1.html

Thursday, February 1, 2001, 14:51
By BARRY PARK, FAIRFAX IT

ISC, the company behind the BIND domain name server, has suggested a fee-based membership forum for early vulnerability warnings after a number of exploits in its server software were exposed.

In an e-mail sent to a company announcement newslist, ISC said "recent events" had suggested a need for a fee-based membership forum consisting of ISC itself, software and hardware vendors that include BIND in their products, root and TLD name server operators, and "other qualified parties ... nominated at ISC's discretion".

ISC said in the e-mail that not-for-profit members could have their membership fees waived. It said it would enforce the use of PGP, or possibly S/MIME, provide members with information security training, and bind members to "strong nondisclosure agreements".

Within an hour of the ISC proposal being publicly listed on the network security mailing list BugTRAQ, an anonymous poster had listed a BIND TSIG (translation signature) buffer mismanagement overflow exploit.

The exploit is one of four that became the subject of a CERT advisory this week that the network security group said "present a serious threat to the Internet infrastructure".

ISN is hosted by SecurityFocus.com