North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: new bind vuln
On Wed, Nov 13, 2002 at 12:46:28AM -0500, Barney Wolff wrote: > This does beg the question (not that I hold *you* responsible!) > why the advisory had to come out before the patch. Does anyone > know whether the news had escaped to the blackhats? Otherwise > I cannot understand the rationale. > Barney Asking the wrong person on at one. And by that, I mean both Steve (who has nothing to do with it) and myself (I'm the Senior Researcher and Fellow at ISS, so I guess I do have something to do with it). ISS was under the impression that the patches and new sources WOULD be available when we released. We released as agreed upon and they weren't. What can I say... > On Wed, Nov 13, 2002 at 12:06:04AM -0500, Steven M. Bellovin wrote: > > CERT said that the ISS advisory was to be released on 13 November, and > > that the patch would be available from ISC next week. There was no > > indication about when CERT itself was going to issue an advisory, but > > clearly someone said something a day earlier than had been expected. > > --Steve Bellovin, http://www.research.att.com/~smb (me) > > http://www.wilyhacker.com ("Firewalls" book) > -- > Barney Wolff http://www.databus.com/bwresume.pdf > I'm available by contract or FT, in the NYC metro area or via the 'Net. Mike -- Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!