In message <20021113044904.GA6374@alcove.wittsend.com>, "Michael H. Warfield" writes:
On Tue, Nov 12, 2002 at 06:10:14PM -0500, Gerald wrote:
Haven't seen mention of this yet today and DNS affects most everyone in some way. The advisory was released a day early according to FreeBSD security officer.
Just to reiterate (I realize, in my haste, I forgot to include a reference or a quote in my earlier message)...
Here is a quote from Vixie on Slashdot:
] "ISS and ISC worked together on this. ISS found the
] vulns, ISC worked with the vendors, and both of us
] worked with CERT and coordinated the announcements.
]
] Paul Vixie
] Chairman, ISC"
Doesn't sound like "released a day early" to me.
CERT said that the ISS advisory was to be released on 13 November, and that the patch would be available from ISC next week. There was no indication about when CERT itself was going to issue an advisory, but clearly someone said something a day earlier than had been expected.

--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com ("Firewalls" book)
On Wed, Nov 13, 2002 at 12:06:04AM -0500, Steven M. Bellovin wrote:
CERT said that the ISS advisory was to be released on 13 November, and that the patch would be available from ISC next week. There was no indication about when CERT itself was going to issue an advisory, but clearly someone said something a day earlier than had been expected.
Cool... That nails it then. CERT had it wrong. I think Paul notified CERT, but I could be easily wrong on that and will verify... Thanks!
--Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com ("Firewalls" book)
Mike
--
Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
On Wed, Nov 13, 2002 at 12:21:07AM -0500, Michael H. Warfield wrote:
On Wed, Nov 13, 2002 at 12:06:04AM -0500, Steven M. Bellovin wrote:
CERT said that the ISS advisory was to be released on 13 November, and that the patch would be available from ISC next week. There was no indication about when CERT itself was going to issue an advisory, but clearly someone said something a day earlier than had been expected.
Cool... That nails it then. CERT had it wrong. I think Paul notified CERT, but I could be easily wrong on that and will verify...
Checked it out. We notified CERT (Paul or ISC may have as well, I don't know about that). Here is what we sent them...

] -----Original Message-----
] From: Ingevaldson, Dan (ISS Atlanta)
] Sent: Monday, November 11, 2002 5:40 PM
] To: 'CERT Coordination Center'
] Subject: ISS advisory
]
] Team-
]
] This information was provided to us by ISC today on issues that ISS X-Force discovered. We will be releasing our security advisory tomorrow. Any questions regarding this material should be directed to the ISC security contact.
]
] <<bind_security_11082002.tar.gz.pgp>>
] <<bind_security_11082002.txt.pgp>>
]
] Regards,
]
] =============================
] Dan Ingevaldson
] Team Lead, X-Force R&D
] dsi@iss.net
] 404-236-3160
]
] Internet Security Systems, Inc.
] The Power to Protect
] http://www.iss.net
] =============================
Note the date... Note that we said "tomorrow". Note that it was also 5:40 PM EST. I'll accept that the choice of terminology probably led to the confusion, especially considering the late time. If they processed the message on the 12th and didn't look at the date in our notice then they could easily have gotten their date wrong. I'll mention it to Dan that we should never use relative date terminology in notices like this and to stick with absolute dates, even if it is "tomorrow". I wonder if we need to start timestamping some of our notices in addition to PGP signing them... Another topic, another time... Sigh...
Thanks!
--Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com ("Firewalls" book)
Regards,
Mike
--
Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
This does beg the question (not that I hold *you* responsible!) why the advisory had to come out before the patch. Does anyone know whether the news had escaped to the blackhats? Otherwise I cannot understand the rationale.

Barney

On Wed, Nov 13, 2002 at 12:06:04AM -0500, Steven M. Bellovin wrote:
CERT said that the ISS advisory was to be released on 13 November, and that the patch would be available from ISC next week. There was no indication about when CERT itself was going to issue an advisory, but clearly someone said something a day earlier than had been expected.
--Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com ("Firewalls" book)
--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
On Wed, Nov 13, 2002 at 12:46:28AM -0500, Barney Wolff wrote:
This does beg the question (not that I hold *you* responsible!) why the advisory had to come out before the patch. Does anyone know whether the news had escaped to the blackhats? Otherwise I cannot understand the rationale. Barney
Asking the wrong person on that one. And by that, I mean both Steve (who has nothing to do with it) and myself (I'm the Senior Researcher and Fellow at ISS, so I guess I do have something to do with it). ISS was under the impression that the patches and new sources WOULD be available when we released. We released as agreed upon and they weren't. What can I say...
On Wed, Nov 13, 2002 at 12:06:04AM -0500, Steven M. Bellovin wrote:
CERT said that the ISS advisory was to be released on 13 November, and that the patch would be available from ISC next week. There was no indication about when CERT itself was going to issue an advisory, but clearly someone said something a day earlier than had been expected.
--Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com ("Firewalls" book)
--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
Mike
--
Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!