Feeds

Plan to charge for BIND security info

Closed forum being set up

  • alert
  • submit to reddit

The next step in data security

Following revelations about a serious security weakness, the group involved in administering the BIND domain name server software is considering charging for access to security-related information about the important Internet program.

The Internet Software Consortium (ISC) plans to create a forum that will only be open to itself, vendors that include BIND in products, root and top-level domain name server operators, and other "qualified parties" who ISC decides to admit.

Members, who will pay a membership fee and be obliged to sign non-disclosure agreements, will receive privileged early warnings of problems with BIND.

The idea runs counter to the spirit of open disclosure of security problems that has long existed amongst security professionals, and has attracted strong criticism on mailing lists, such as BugTraq, that it will make the impact of any vulnerabilities worse, and play into the hands of crackers.

BIND (Berkeley Internet Name Domain) is an open-source software program that has become the de-facto standard for Domain Name System (DNS) servers on the Internet. Around 80 per cent of DNS servers run BIND.

Last week, a notice outlining a series of severe security problems with BIND was posted by CERT. The advisory documents four vulnerabilities in BIND, including two buffer overflows that could allow attackers to remotely gain unrestricted access to machines running the program

In a interesting discussion on the issue of creating a fee-paying forum, available here, Paul Vixie of ISC, said that the organisation would still issue security through CERT, but felt that using the security clearing house as a way to discuss issues between vendors was awkward, hence the creation of a fee-paying forum. ®

Related story

BIND holes mean big trouble on the Net

Choosing a cloud hosting partner with confidence

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
JINGS! Microsoft Bing called Scots indyref RIGHT!
Redmond sporran metrics get one in the ten ring
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Murdoch to Europe: Inflict MORE PAIN on Google, please
'Platform for piracy' must be punished, or it'll kill us in FIVE YEARS
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.