Haven't seen mention of this yet today and DNS affects most everyone in some way. The advisory was released a day early according to FreeBSD security officer.
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
&
http://marc.theaimsgroup.com/?l=freebsd-security&m=103712312402461&w=2
G
Apologies...missed it earlier.
G
On Tue, 12 Nov 2002, Gerald wrote:
Haven't seen mention of this yet today and DNS affects most everyone in some way. The advisory was released a day early according to FreeBSD security officer.
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
&
http://marc.theaimsgroup.com/?l=freebsd-security&m=103712312402461&w=2
G
On Tue, Nov 12, 2002 at 06:10:14PM -0500, Gerald wrote:
Haven't seen mention of this yet today and DNS affects most everyone in some way. The advisory was released a day early according to FreeBSD security officer.
The FreeBSD security officer was having a serious bout of optical rectitus (did that make it past the censor... I did promise no more violations of short monosyllables...). The release was not a day early, the release was on the date that ISS and ISC agreed on.

Actually, I'll take that back... The FreeBSD security officer was "Notified this morning by CERT. The notification indicated that ISS would go public tomorrow (not today)...". So it's unclear as to who was suffering from optical rectitus, the FreeBSD dude or CERT. If he received the notification in the morning, was it sent the prior evening and he didn't get the time jump across midnight, or did CERT suffer from a similar brain fart (opppsss... Is that a banned word?).

IAC... The advisory was negotiated and agreed upon between ISS and ISC (who was notified by ISS on Oct 25). It went out as agreed upon and as scheduled and as CERT was notified of. You figure out where the dain bramage lay...
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
&
http://marc.theaimsgroup.com/?l=freebsd-security&m=103712312402461&w=2
G
Mike
--
Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
Haven't seen mention of this yet today and DNS affects most everyone in some way. The advisory was released a day early according to FreeBSD security officer. ... Actually, I'll take that back... The FreeBSD security officer was "Notified this morning by CERT. The notification indicated that ISS would go public tomorrow (not today)...". So it's unclear as to who was suffering from optical rectitus, the FreeBSD dude or CERT. If he received the notification in the morning, was it sent the prior evening and he didn't get the time jump across midnight, or did CERT suffer from a similar brain fart (opppsss... Is that a banned word?). IAC... The advisory was negotiated and agreed upon between ISS and ISC (who was notified by ISS on Oct 25). It went out as agreed upon and as scheduled and as CERT was notified of. You figure out where the dain bramage lay...
what i saw led me to believe that the cert people probably stayed up really late getting the advisory out and didn't realize that it was past midnight when they sent their warning to vendors. i'm told the following header was in the message.

Date: Tue, 12 Nov 2002 01:11:44 -0500

combine that with the fact even people who are security-officers for various vendors just aren't likely to leap out of bed at 7am (local time, not gmt-0500) and quickly go scan their email for the not terribly regular pronouncement of a real security problem.

what it comes down to is that the word "tomorrow" is highly inaccurate. specific dates and/or times are better, perhaps even with reference to a specific time zone, if you wish to be that particular.

--
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org * "ah! i see you have the internet
twofsonet@graffiti.com (Andrew Brown) that goes *ping*!"
werdna@squooshy.com * "information is power -- share the wealth."
On Tue, Nov 12, 2002 at 06:10:14PM -0500, Gerald wrote:
Haven't seen mention of this yet today and DNS affects most everyone in some way. The advisory was released a day early according to FreeBSD security officer.
Just to reiterate (I realize, in my haste, I forgot to include a reference or a quote in my earlier message)... Here is a quote from Vixie on Slashdot:

] "ISS and ISC worked together on this. ISS found the
] vulns, ISC worked with the vendors, and both of us
] worked with CERT and coordinated the announcements.
]
] Paul Vixie
] Chairman, ISC"

Doesn't sound like "released a day early" to me. I know Paul posts to this list... Hi Paul! :

Mike
--
Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
participants (3)
- Andrew Brown
- Gerald
- Michael H. Warfield