Slashdot Mirror

← Back to Stories (view on slashdot.org)

Bind 4 and 8 Vulnerabilities

Posted by michael on from the who-uses-BIND4-anymore dept.

eecue writes "The world's most popular DNS package is once again vulnerable. Even the advisory says it's only a matter of time before worms are written.... just like a couple years ago. I guess this is why i run tinydns."

10 of 402 comments (clear)

  1. In other news by pheph · · Score: 5, Funny
    Another vulnerability has been found in Microsoft Windows 98...

    Come on, Bind 9 has been out for some time, so don't flip out!

  2. Re:Escape by Anonymous Coward · · Score: 5, Funny

    Escape your need for functionality, well-documented behaviors and the ability to freely import and export zone data without being a 15th-century sorcerer.

  3. Re:Tinydns is a pain in the ass to install by ComaVN · · Score: 5, Funny

    Hey, this guy offers $10,000.00 to anyone who can disprove his *AHEM* theory, and no-one has taken HIS money.

    --
    Be wary of any facts that confirm your opinion.
  4. BIND by Make · · Score: 4, Funny

    BIND - serving remote shells since 1986 ;)

  5. I'm scared by mao+che+minh · · Score: 5, Funny

    With all of the security news lately, I am too scared to run Apache, IIS, Exchange, lpr, lprng, mySQL, PostgreSQL, Outlook, Outlook Express, map Netware drives to Win 9x clients, X11, use any program that requires glibc, or use BIND 4 or 8 or any DNS for that matter. My computer sits in a locked closet, lacks input devices, and runs only the OpenBSD kernel and nothing else.

    1. Re:I'm scared by dpilot · · Score: 5, Funny

      You'd better finish securing it, then.

      Cut the power cord and fill the closet with cement.

      --
      The living have better things to do than to continue hating the dead.
    2. Re:I'm scared by Anonymous Coward · · Score: 1, Funny

      See, your problem is that you're running all this bloated, feature-filled, popular software. You need to run truly secure software, like DJB's new "djbtam" and "djbdhws".

      djbtam -> Dan J. Bernstein's Tight Anus Mail.

      That's right. Your mail server can be sealed up tighter than DJB's sphincter. This secure package is licensed under the "who gives a fuck" license, and is used by tens of users around the globe to keep their mail servers tight and puckered.

      All servers that send and receive mail need to install the djbtam sender package, which is a collection of 15 small C programs that each run under a different user ID and in a different chroot jail. Just to remind you how stupid you are, you have to install each one by hand and the license forbids you from distributing an installer. The daemons communicate with one another by flashing lights on the keyboard. You must be present to type the correct flash pattern into your console. This extra level of security keeps hackers at bay. Note: if you need logging, just write down the light flashes as you copy them. See, this kind of bloated functionality is what keeps other mail servers insecure!

      djbdhws -> Dan J. Bernstein's Dick Head Web Server.

      Ahh, now here we have a truly modern, high-performance web server. It consists of a single, chroot'd process that receives HTTP requests, one at a time (multithreading breeds security holes), and then looks up each one in a table, and passes it to an executable. There's one executable for each web page, which has the content hard-coded into the program. Each one runs in a chroot jail, and under a different userID. Adding a web page to your site is so easy! Just compile a new executable for the page, and then create a new user id for it to run under.

      Note, only HTTP GET is supported, no POST, no CGI, no dynamic content, no virtual hosts, and no logging (again, you should be smart enough to write a program that sits between the daemon and each page. kinda tough, since it runs chroot'd in an empty directory, but if you can't figure that out you're a shit-for-brains that deserves to be hacked).

      DJB software - 121 satisfied users, won't you join our elite club?

  6. Who needs DNS? by nuclearmoose · · Score: 2, Funny
    Real geeks just use host files. Here you go:

    /etc/hosts:

    66.35.250.150 slashdot

  7. Re:Copyright misconceptions by Anonymous Coward · · Score: 1, Funny

    Who cares whether the software is "completely free" according to someone's definition? As far as system administrators are concerned, if it meets or exceeds their needs, they're happy - be it "free", commercial, or DBJware. There's a large patch and support community for DJBware. Qmail is the second most-frequently used email server according to DJB's own surveys. djbdns is also used with great success by huge sites. System administrators with a clue love quality software whether it meets your definition of "free" or not, and will keep using it.

  8. Re:Tinydns is a pain in the ass to install by gol64738 · · Score: 4, Funny

    thank you for actually making all slashdot readers dumber by posting that.