Security

Bind 4 and 8 Vulnerabilities

Posted by michael
from the who-uses-BIND4-anymore dept.
eecue writes "The world's most popular DNS package is once again vulnerable. Even the advisory says it's only a matter of time before worms are written.... just like a couple years ago. I guess this is why I run tinydns."
This discussion has been archived. No new comments can be posted.

  • by pheph (234655) on Tuesday November 12, 2002 @03:19PM (#4653005) Homepage
    Another vulnerability has been found in Microsoft Windows 98...

    Come on, Bind 9 has been out for some time, so don't flip out! [realultimatepower.net]

  • Re:Escape (Score:5, Funny)

    by Anonymous Coward on Tuesday November 12, 2002 @03:27PM (#4653094)
    Escape your need for functionality, well-documented behaviors and the ability to freely import and export zone data without being a 15th-century sorcerer.
  • by ComaVN (325750) on Tuesday November 12, 2002 @03:53PM (#4653334)
    Hey, this guy [timecube.com] offers $10,000.00 to anyone who can disprove his *AHEM* theory, and no-one has taken HIS money.
  • BIND (Score:4, Funny)

    by Make (95577) <max@duempe l . org> on Tuesday November 12, 2002 @03:54PM (#4653345) Homepage
    BIND - serving remote shells since 1986 ;)
  • I'm scared (Score:5, Funny)

    by mao che minh (611166) on Tuesday November 12, 2002 @03:59PM (#4653393) Journal
    With all of the security news lately, I am too scared to run Apache, IIS, Exchange, lpr, lprng, mySQL, PostgreSQL, Outlook, Outlook Express, map Netware drives to Win 9x clients, X11, use any program that requires glibc, or use BIND 4 or 8 or any DNS for that matter. My computer sits in a locked closet, lacks input devices, and runs only the OpenBSD kernel and nothing else.
  • by nuclearmoose (583409) on Tuesday November 12, 2002 @04:14PM (#4653498) Homepage
    Real geeks just use host files. Here you go:

    /etc/hosts:

    66.35.250.150 slashdot

  • by dpilot (134227) on Tuesday November 12, 2002 @04:39PM (#4653705) Homepage Journal
    You'd better finish securing it, then.

    Cut the power cord and fill the closet with cement.
  • by Anonymous Coward on Tuesday November 12, 2002 @04:50PM (#4653823)
    See, your problem is that you're running all this bloated, feature-filled, popular software. You need to run truly secure software, like DJB's new "djbtam" and "djbdhws".

    djbtam -> Dan J. Bernstein's Tight Anus Mail.

    That's right. Your mail server can be sealed up tighter than DJB's sphincter. This secure package is licensed under the "who gives a fuck" license, and is used by tens of users around the globe to keep their mail servers tight and puckered.

    All servers that send and receive mail need to install the djbtam sender package, which is a collection of 15 small C programs that each run under a different user ID and in a different chroot jail. Just to remind you how stupid you are, you have to install each one by hand and the license forbids you from distributing an installer. The daemons communicate with one another by flashing lights on the keyboard. You must be present to type the correct flash pattern into your console. This extra level of security keeps hackers at bay. Note: if you need logging, just write down the light flashes as you copy them. See, this kind of bloated functionality is what keeps other mail servers insecure!

    djbdhws -> Dan J. Bernstein's Dick Head Web Server.

    Ahh, now here we have a truly modern, high-performance web server. It consists of a single, chroot'd process that receives HTTP requests, one at a time (multithreading breeds security holes), and then looks up each one in a table, and passes it to an executable. There's one executable for each web page, which has the content hard-coded into the program. Each one runs in a chroot jail, and under a different userID. Adding a web page to your site is so easy! Just compile a new executable for the page, and then create a new user id for it to run under.

    Note, only HTTP GET is supported, no POST, no CGI, no dynamic content, no virtual hosts, and no logging (again, you should be smart enough to write a program that sits between the daemon and each page. kinda tough, since it runs chroot'd in an empty directory, but if you can't figure that out you're a shit-for-brains that deserves to be hacked).

    DJB software - 121 satisfied users, won't you join our elite club?
  • by Anonymous Coward on Tuesday November 12, 2002 @05:32PM (#4654168)
    Who cares whether the software is "completely free" according to someone's definition? As far as system administrators are concerned, if it meets or exceeds their needs, they're happy - be it "free", commercial, or DJBware. There's a large patch and support community for DJBware. Qmail is the second most-frequently used email server according to DJB's own surveys. djbdns is also used with great success by huge sites. System administrators with a clue love quality software whether it meets your definition of "free" or not, and will keep using it.
  • by gol64738 (225528) <TEA minus caffeine> on Tuesday November 12, 2002 @07:33PM (#4655146)
    thank you for actually making all slashdot readers dumber by posting that.
