Re: [ga] Re: Massive, Coordinated Patch To the DNS Released

["Jeffrey A. Williams" <jwkckid1@xxxxxxxxxxxxx>]

stephane and all,

  Ok, good find.  I for some reason didn't get this advisory from
US-Cert.gov.  But your right, they are the same as Dan's refrence
at  http://securosis.com/publications/CERT%20Advisory.doc

Stephane Bortzmeyer wrote:

> On Tue, Jul 08, 2008 at 01:02:22PM -0700,
>  George Kirikos <gkirikos@xxxxxxxxx> wrote
>  a message of 33 lines which said:
>
> > This is exactly why registry operators should NEVER be judge, jury and
> > executioners when it comes to alleged domain abuse, as they could
> > inflict damage upon innocent victims. Read the advisory --- ANY name
> > server (and thus all the domains on that nameserver) could have been
> > compromised.
>
> Read the real advisory (not the Slashdot article) yourself: the
> vulnerability is on recursive name servers, not on the authoritative
> ones.
>
> http://www.kb.cert.org/vuls/id/800113

Regards,

Spokesman for INEGroup LLA. - (Over 281k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
div. of Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402 E-Mail
jwkckid1@xxxxxxxxxxxxx
My Phone: 214-244-4827