Re: Not a good day now stuff from here is on BBC

[Charles Sprickman <spork () inch com>]

On Wed, 31 Jan 2001, Henry R. Linneweh wrote:

> I understand that, the issue I had with this is in the presentation
> "Major net security holes identified", Should have read "Major net
> security holes fixed " this would have been fair to Paul and crew.
> is all I am saying.....

I think that with the remote-shell exploit just released on Bugtraq the
next article will have to revert to "Major security hole found - chaos
ensues".

In an informal survey of about two dozen hosts (upstreams, friends,
well-known corporations), myself and a coworker found that all of them
were running vulnerable versions.  Of course it's possible some of these
are running as user "bind", maybe chrooted, maybe firewalled, but I'd bet
the majority aren't.

Add up all the broadband users running some unix box as their gateway and
running whatever version of bind came with their distro, and I think
you'll find that there will be thousands more cracked boxes come tomorrow
a.m.

Pair all this with the current crop of DDoS tools and I think you'll find
that this is one of the worst bugs to crop up in a long time.

Charles

> Simon Lockhart wrote:
>
> > > Major net security holes identified
> > > http://news.bbc.co.uk/hi/english/sci/tech/newsid_1142000/1142572.stm
> >
> > Heh, we're a news organisation. We report things as they happen ;-)
> >
> > Simon
> > --
> > Simon Lockhart                       |   Tel: +44 (0)1737 839676
> > Internet Engineering Manager         |   Fax: +44 (0)1737 839516
> > BBC Internet Services                | Email: Simon.Lockhart () bbc co uk
> > Kingswood Warren,Tadworth,Surrey,UK  |   URL: http://support.bbc.co.uk/
>
> --
>
> Thank you;
> |--------------------------------|
> | Thinking is a learned process. |
> | ICANN member @large            |
> | Gigabit over IP, ieee 802.17   |
> | working group                  |
> | Resilient Packet Transport     |
> |--------------------------------|
> Henry R. Linneweh