[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [atlarge-discuss] Serious Flaws Found in BIND Server Software
Hello Mr. Williams:
I am sorry but I do have problems with understanding many things of American English. Who are these people Richard Clark and Andrew Card? Do they work for the government of U.S.?
Thank You,
F-W Fidget
--- Jeff Williams <jwkckid1@ix.netcom.com> wrote:
>Jefsey and all stakeholders or other interested parties and members,
>
> Unfortunately again Jefsey you are again a bit behind the curve
>in your comments/statements below to Sotiris's article notification.
>First, Bind 9.3 is a base line only for recommended use. As I and
>a number of our [INEGroup] members have been working
>with Richard Clark and Andrew Card on the cybersecurity
>effort, a version of BindPlus is currently Preferred, and may
>be required, despite the IETF's and ICANN's objections.
>Those objections are that BindPlus is not open source
>software even though neither ICANN or the IETF actually
>produce any code...
>
> Second as Sotiris's article rightly points out, older versions
>of Bind (v4-v8) have had the proper patches applied or
>available to be applied to fix the current known security holes
>that exist.
>
>J-F C. (Jefsey) Morfin wrote:
>
>> Right now only djbdns and Bind 9.3 should be used. The mere fact that a
>> large number of Bind 4 are still in use shows the difficulty to consider
>> the Internet as a network. This is the real challenge of the White House
>> Cyberspace Security team. And ours. jfc
>>
>> On 04:37 13/11/02, Sotiris Sotiropoulos said:
>>
>> >http://www.eweek.com/article2/0,3959,696200,00.asp
>> >
>> >"Security researchers have discovered several serious new
>> >vulnerabilities in the BIND software that runs on the vast
>> >majority of the Internet's DNS servers. The most serious
>> >flaw, a buffer overrun in both BIND 4 and BIND 8, enables
>> >an attacker to execute arbitrary code on a vulnerable
>> >server.
>> >
>> >The Internet Software Consortium, which maintains the free
>> >BIND (Berkeley Internet Name Domain) software, has
>> >released patches for both affected versions. "
>> >
>> >
>> >Sincerely,
>> >
>> >Sotiris Sotiropoulos
>> >
>> >
>> >---------------------------------------------------------------------
>> >To unsubscribe, e-mail: atlarge-discuss-unsubscribe@lists.fitug.de
>> >For additional commands, e-mail: atlarge-discuss-help@lists.fitug.de
>> >
>> >
>> >
>> >---
>> >Incoming mail is certified Virus Free.
>> >Checked by AVG anti-virus system (http://www.grisoft.com).
>> >Version: 6.0.410 / Virus Database: 231 - Release Date: 31/10/02
>>
>> ------------------------------------------------------------------------
>>
>> Part 1.2 Type: Plain Text (text/plain)
>
>Regards,
>--
>Jeffrey A. Williams
>Spokesman for INEGroup - (Over 127k members/stakeholders strong!)
>CEO/DIR. Internet Network Eng/SR. Java/CORBA Development Eng.
>Information Network Eng. Group. INEG. INC.
>E-Mail jwkckid1@ix.netcom.com
>Contact Number: 214-244-4827 or 972-244-3801
>Address: 5 East Kirkwood Blvd. Grapevine Texas 75208
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: atlarge-discuss-unsubscribe@lists.fitug.de
>For additional commands, e-mail: atlarge-discuss-help@lists.fitug.de
_____________________________________________________________
Get email for your site --->
http://mail.netcityhk.com http://mail.netcitycn.com
http://mail.netcitytw.com
http://mail.netcityjp.com
http://mail.sharonleung.net
_____________________________________________________________
Select your own custom email address for FREE! Get you@yourchoice.com w/No Ads, 6MB, POP & more! http://www.everyone.net/selectmail?campaign=tag
---------------------------------------------------------------------
To unsubscribe, e-mail: atlarge-discuss-unsubscribe@lists.fitug.de
For additional commands, e-mail: atlarge-discuss-help@lists.fitug.de