[53366] in North American Network Operators' Group
Re: new bind vuln
daemon@ATHENA.MIT.EDU (Michael H. Warfield)
Wed Nov 13 08:28:38 2002
Date: Wed, 13 Nov 2002 08:28:01 -0500
From: "Michael H. Warfield" <mhw@wittsend.com>
To: Barney Wolff <barney@tp.databus.com>
Cc: "Steven M. Bellovin" <smb@research.att.com>, nanog@merit.edu
Mail-Followup-To: Barney Wolff <barney@tp.databus.com>,
"Steven M. Bellovin" <smb@research.att.com>, nanog@merit.edu
In-Reply-To: <20021113054628.GA67214@tp.databus.com>
Errors-To: owner-nanog-outgoing@merit.edu
--HcAYCG3uE/tztfnV
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Wed, Nov 13, 2002 at 12:46:28AM -0500, Barney Wolff wrote:
> This does beg the question (not that I hold *you* responsible!)
> why the advisory had to come out before the patch. Does anyone
> know whether the news had escaped to the blackhats? Otherwise
> I cannot understand the rationale.
> Barney
Asking the wrong person on at one. And by that, I mean both
Steve (who has nothing to do with it) and myself (I'm the Senior Researcher
and Fellow at ISS, so I guess I do have something to do with it). ISS was
under the impression that the patches and new sources WOULD be available
when we released. We released as agreed upon and they weren't. What
can I say...
> On Wed, Nov 13, 2002 at 12:06:04AM -0500, Steven M. Bellovin wrote:
> > CERT said that the ISS advisory was to be released on 13 November, and=
=20
> > that the patch would be available from ISC next week. There was no=20
> > indication about when CERT itself was going to issue an advisory, but=
=20
> > clearly someone said something a day earlier than had been expected.
> > --Steve Bellovin, http://www.research.att.com/~smb (me)
> > http://www.wilyhacker.com ("Firewalls" book)
> --=20
> Barney Wolff http://www.databus.com/bwresume.pdf
> I'm available by contract or FT, in the NYC metro area or via the 'Net.
Mike
--=20
Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com
/\/\|=3Dmhw=3D|\/\/ | (678) 463-0932 | http://www.wittsend.com/=
mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
--HcAYCG3uE/tztfnV
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQCVAwUBPdJTYeHJS0bfHdRxAQFRxwQAiRPKXFRdNR81udSTRtpGLCdVdBCRJAJ2
PO5N36paZBfBdN1dAUUS0M7a9y5d1yDNE3NjqoS39zNlzbduXBNOyhIpiHHNsn0W
AQN1M47t7PwoxkqPX+9IoCP2XaTTZxm0+37zv2YsU3RjauFSz2i97Q+Hfjr1Dl3d
VZ10InY4ZwE=
=ik0z
-----END PGP SIGNATURE-----
--HcAYCG3uE/tztfnV--
