Haven't seen mention of this yet today and DNS affects most everyone in
some way. The advisory was released a day early according to FreeBSD
security officer.
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
&
http://marc.theaimsgroup.com/?l=freebsd-security&m=103712312402461&w=2
G
Apologies...missed it earlier.
G
Haven't seen mention of this yet today and DNS affects most everyone in
some way. The advisory was released a day early according to FreeBSD
security officer.
The FreeBSD security officer was having a serious bout of
optical rectitus (did that make it past the censor... I did promise
no more violations of short monosylables...). The release was not
a day early, the release was on the date that ISS and ISC agreed on.
Actually, I'll take that back... The FreeBSD security officer
was "Notified this morning by CERT. The notification indicated that ISS
would go public tomorrow (not today)...". So it's unclear as to who
was suffering from optical rectitus, the FreeBSD dude or CERT. If
he received the notification in the morning, was it sent the prior
evening and he didn't get the time jump across midnight, or did CERT
suffer from a similar brain fart (opppsss... Is that a banned word?).
IAC... The advisory was negotiated and agreed upon between ISS and ISC
(who was notified by ISS on Oct 25). It went out as agreed upon and as
scheduled and as CERT was notified of. You figure out where the dain
bramage lay...
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
&
http://marc.theaimsgroup.com/?l=freebsd-security&m=103712312402461&w=2
G
Mike
Just to reiterate (I realize, in my haste, I forgot to include
a reference or a quote in my earlier message)...
Here is a quote from Vixie on Slashdot:
] "ISS and ISC worked together on this. ISS found the
] vulns, ISC worked with the vendors, and both of us
] worked with CERT and coordinated the announcements.
]
] Paul Vixie
] Chairman, ISC"
Doesn't sound like "released a day early" to me.
I know Paul posts to this list... Hi Paul!
:
Mike
Haven't seen mention of this yet today and DNS affects most everyone in
some way. The advisory was released a day early according to FreeBSD
security officer....
Actually, I'll take that back... The FreeBSD security officer
was "Notified this morning by CERT. The notification indicated that ISS
would go public tomorrow (not today)...". So it's unclear as to who
was suffering from optical rectitus, the FreeBSD dude or CERT. If
he received the notification in the morning, was it sent the prior
evening and he didn't get the time jump across midnight, or did CERT
suffer from a similar brain fart (opppsss... Is that a banned word?).
IAC... The advisory was negotiated and agreed upon between ISS and ISC
(who was notified by ISS on Oct 25). It went out as agreed upon and as
scheduled and as CERT was notified of. You figure out where the dain
bramage lay...
what i saw led me to believe that the cert people probably stayed up
really late getting the advisory out and didn't realize that it was
past midnight when they sent their warning to vendors. i'm told the
following header was in the message.
combine that with the fact even people who are security-officers for
various vendors just aren't likely to leap out of bed at 7am (local
time, not gmt-0500) and quickly go scan their email for the not
terribly regular pronouncement of a real security problem.
what it comes down to is that the word "tomorrow" is highly
inaccurate. specific dates and/or times are better, perhaps even with
reference to a specific time zone, if you wish to be that particular.