Information Security News mailing list archives

Re: BIND Flaws Reignite Security Debate


From: InfoSec News <isn () c4i org>
Date: Wed, 20 Nov 2002 01:57:45 -0600 (CST)

Forwarded from: Felix von Leitner <felix-isn () fefe de>

Thus spake InfoSec News (isn () c4i org):
> The ISC told him that they wanted to make sure that the right audience
> had the patches first.

Am I the only one who thinks this reeks of extortion?

This is by the way not the only questionable behaviour from the BIND
company; see http://cr.yp.to/djbdns/axfr-clarify.html for a further
example.

> In an e-mail interview, Brennen said he chose not to pay the fee to
> join the early announcement list and is now preparing to remove BIND
> from his environment.

Well, to be fair, even the BIND company says BIND 8 sucks and you
should not use it.

On the other hand, it is used on the root server the ISC houses.  
Mhh.

I think we as security experts should educate the public that this
kind of extortion and blackmail is not a sign of trustworthy software
and should not be tolerated.  After all, not being held hostage by one
vendor is exactly the key strength of the open source movement.
Finally, you have the choice!  Use it wisely!

Felix



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

