On Wed, 31 Jan 2001, Henry R. Linneweh wrote:
I understand that, the issue I had with this is in the presentation "Major net security holes identified", Should have read "Major net security holes fixed " this would have been fair to Paul and crew. is all I am saying.....
I think that with the remote-shell exploit just released on Bugtraq the next article will have to revert to "Major security hole found - chaos ensues". In an informal survey of about two dozen hosts (upstreams, friends, well-known corporations), myself and a coworker found that all of them were running vulnerable versions. Of course it's possible some of these are running as user "bind", maybe chrooted, maybe firewalled, but I'd bet the majority aren't. Add up all the broadband users running some unix box as their gateway and running whatever version of bind came with their distro, and I think you'll find that there will be thousands more cracked boxes come tomorrow a.m. Pair all this with the current crop of DDoS tools and I think you'll find that this is one of the worst bugs to crop up in a long time. Charles
Simon Lockhart wrote:
Major net security holes identified http://news.bbc.co.uk/hi/english/sci/tech/newsid_1142000/1142572.stm
Heh, we're a news organisation. We report things as they happen ;-)
Simon -- Simon Lockhart | Tel: +44 (0)1737 839676 Internet Engineering Manager | Fax: +44 (0)1737 839516 BBC Internet Services | Email: Simon.Lockhart@bbc.co.uk Kingswood Warren,Tadworth,Surrey,UK | URL: http://support.bbc.co.uk/
--
Thank you; |--------------------------------| | Thinking is a learned process. | | ICANN member @large | | Gigabit over IP, ieee 802.17 | | working group | | Resilient Packet Transport | |--------------------------------| Henry R. Linneweh