lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
From: John.Airey at rnib.org.uk (John.Airey@...b.org.uk)
Subject: Bind 8 patches available

Glen Bishop (glen@...nbishop.com) posted this link to Bugtraq earlier today:

http://www.isc.org/products/BIND/patches/

There are only unified diffs available, rather than a new package version,
which I find rather incredible. In fact, the disclosures by ISS and ISC have
been farcical, more akin to a hoax virus alert than a genuine security
alert.

I recognise that ISC does need financing, and therefore has set up what is
basically a private members club for updates. I also recognise how vital
that the root name servers and ccTLD servers are patched first (rather
worringly, the ISC says the root name servers and TLD servers have to be
patched first. Unless the DNS protocol has been rewritten overnight, these
are the same servers).

However, there comes a point where it is necessary to release both the
details of the vulnerability AND the patch at the same time. The only
conclusion I can make is that this is a cynical ploy to force an upgrade to
BIND 9, a tactic used much more by a certain company based in Redmond,
Seattle, WA.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@...b.org.uk 

If we could learn one thing from September 11th 2001, it would be the utter
absurdity of moral relativism.


- 

NOTICE: The information contained in this email and any attachments is 
confidential and may be legally privileged. If you are not the 
intended recipient you are hereby notified that you must not use, 
disclose, distribute, copy, print or rely on this email's content. If 
you are not the intended recipient, please notify the sender 
immediately and then delete the email and any attachments from your 
system.

RNIB has made strenuous efforts to ensure that emails and any 
attachments generated by its staff are free from viruses. However, it 
cannot accept any responsibility for any viruses which are 
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email 
and any attachments are those of the author and do not necessarily 
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk 

Powered by blists - more mailing lists