[bind] Re: The worst thing about the exploit -- Have you done your part?
Tuc at T-B-O-H.NET
ml at t-b-o-h.net
Sun Jul 27 20:25:19 UTC 2008
> On the other hand, I posted about this on a hardened Linux mailing
> list, and received only ridicule and scorn in return. A security
> professional who claims over 3 decades of Internet experience led the
> charge, calling me paranoid and an alarmist. He specifically claimed
> that, since he doesn't operate a resolving name server (he uses his
> ISP, who have not patched their name servers as of my last check), and
> since his authoritative name servers are all PowerDNS, he has nothing
> to worry about, so why was I bothering the list with this irrelevant
> nonsense?
>
> All to say, don't expect it to necessarily be easy to convince people
> this is a real problem.
>
> (I've had better experiences elsewhere. And all of my friends and
> family whose ISP's are not updated are using opendns.com.)
>
People have also said "Well, wait until the news outlets get a
hold of this, it'll be bigger than any movie stars baby, any presidential
scandal, etc". Well, I've seen it on 2 different news sites, with it
giving a "dooms day" feel to it.... And.... Seems its just not getting
anyones attention. The ISP I'm on (MAJOR cable co) still hasn't seemed
to make the change or done anything about it.
I guess someone needs to poison a few large DNS servers and
start stealing credit cards and eBay/Paypal/Y!/Gmail id/passes for it
to get anyones attention.
Tuc
More information about the bind-users
mailing list