[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ga-full] Re: [aso-policy] RE: [aso-comment] IP address holders - are they represented?





On Wed, 15 Mar 2000, KS LIM wrote:

> I feel that I need to say some thing here. BIND may not be the best
> product that can be but it is acceptable for the time being and
> available free to all of us. If any one is unhappy about it he(she) can

You don't get it - do you.  Let me try to clarify the state of BIND for
you.  ALL VERSIONS OF BIND UNDER VIXIE CAN BE HACKED.  Therefore the only
conlcusion is that the existing BIND is not acceptable at all.

If I were to publish some proceedure on bind vulnerabilities - a hacker
could take that and have a field day.  Forget the recent DOS hacks against
YAHOO or eBAY.  That sort of hacking is peanuts in comparason to what can
be done world wide.

Are you aware that the state of then DNS is in such a mess that the entire
would can be subjected to an internet outage.  And most of this mess sits
squarely on Vixies lap.  That's nothing to be proud about.

Someday a hacker is going to realize these vulnerabilities exist and take
advantage of them on a massive scale - and that frightens me.

Your claim that the existing situation is acceptable is a very uninformed
claim.

Regards
Joe Baptista

--
This message was passed to you via the ga-full@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga-full" in the body of the message).
Archives at http://www.dnso.org/archives.html