Two BIND 9 Security Vulnerabilities Announced Today
ISC is releasing updated versions of BIND 9 to address two newly-discovered security vulnerabilities We have released new versions of BIND: 9.Read post
What follows is an inventory of the data we collect and use, with a link to the formal Statement of Privacy.
ISC operates a number of Sites for public collaboration and information sharing, including but not limited to: public mailing lists, fora, ISC’s main website, project wiki pages, source code repositories, software issue trackers, our Knowledgebase, our ftp.isc.org and downloads.isc.org downloads sites, social media sites, and others.
All of these systems may store submitter username, email address, and other contact data, depending on what the user shared (e.g. in the signature field in the email), as well as technical data about their software deployment, network, and issue, and possibly configuration files, log files, and core dumps. We must have this information in order to communicate with the submitter to get more information about the issue and/or verify a solution.
We don’t want anyone to refrain from submitting issues because of privacy concerns, however, so if you want to submit an issue and don’t want your submission to be publicly visible, contact us to request that we hide your personal information. Depending on the site, this may mean that the entire issue is non-public, which defeats the purpose of having a public issue tracker, so please don’t do this without a compelling reason.
Subscribers to ISC’s software support services have to provide contact information for multiple (usually four) points of contact. This information is required in order for us to provide the support service. This information generally includes:
We use the email address to communicate with support subscribers, to alert them of support ticket updates, to provide notice of new releases, to provide transactional information (such as validation of email address), to send terms and instructions for the support service, and to process forgotten passwords. Very infrequently, we may also use the technical support contact email addresses to survey support users about our support services or product usage, or to provide roadmap updates.
We don’t have any regular support process that uses customer telephone numbers, but some subscribers of our support services are allowed to contact us via phone and we might conceivably use the telephone number in an unusual process, e.g. for verifying identity when updating contact information or for password recovery.
Support technical contact information is stored in our support ticketing system, which is operated by ISC in the US. (Some technical support contacts may also be included in our main (Zendesk) contact database.) This database also includes a log of customer support tickets opened and our responses to them, and may include core dumps, configuration files, and software logs.
We use this information to support customers, and to identify and troubleshoot issues in our software. Access is limited to current ISC employees. We retain this record even after an individual or organization terminates their support relationship with ISC, unless they specifically request we delete it, because it provides us with a valuable technical record.
Our standard support services agreement includes a non-disclosure agreement (NDA). We don’t publicly identify customers or their representatives unless the customer does so first. When we log issues in our publicly visible issue trackers on behalf of support customers, we either make the issue private, or anonymize the support customer’s identity.
In the event you choose to make a donation or purchase using your credit card, we will request credit card information, including number, expiration date, billing address, and card security code so your donation can be processed. This information passes directly to ISC’s payment processor, PayPal. ISC neither uses nor stores this information.
We use services for interacting with users, optimizing our websites, and managing our search presence. Each of our contracts with these third parties restricts the use of personal information so it can only be used to provide the services under the contracts. In addition, these companies are required to treat all information and protect it by processes and procedures no less strict than those used by ISC.
Our current services and/or contractors are: * Zendesk – hosts ISC’s contact database. Access is limited to a few ISC employees. * Document360 - hosts ISC’s Knowledgebase. Access to articles is open to the public, without registration or login. * Github – hosts ISC open source and has Personal Data submitted by users in issues and patch requests as well as technical data Github may collect. Access is public. * Nabble – provides us with a hosted forum service, an alternative public discussion venue for ISC software and services. Nabble has access only to data already published on ISC mailing lists. * Zoom – provides conferencing services and may have data on prior conference attendance. * SurveyMonkey – provides survey operations and has data on prior survey responses, which may include technical data such as IP addresses from cookies.
We can be contacted, about this or anything else, at firstname.lastname@example.org.
Our main phone number (which generally goes to voicemail) is +1 650-423-1300. Our business address is PO Box 360, Newmarket, NH 03857.
What's New from ISC