Pay to hack?
Posted Nov 27, 2002 18:23 UTC (Wed) by ranger (guest, #6415)
Parent article: The BIND Forum and the maintenance of critical software
The concern here, however, is that ISC may now be making vulnerability information available to people who may not have software security in mind, but rather have joined (would $120 get it?) the forum as individuals in order to have free rein on all BIND servers maintained by people who have not paid the extortion fees for a period of up to 10 days (or possibly more?).
Does the ISC claim that they will be able to vet all individual members sufficiently to prevent this?
I know of people who suspected BIND exploits more than a week before the vulnerability was announced, which makes this possibility more feasible.
In essence, the ISC is holding the world to ransom, and I suspect many people won't like that. A few big corporate accounts may be enough to maintain better, alternative DNS software, and the ISC will find itself obsolete and vulnerable.