how to get people to upgrade? (Re: The weak link? DNS)

E.B. Dreger eddy+public+spam at noc.everquick.net
Wed Mar 26 18:19:16 UTC 2003


JL> Date: Wed, 26 Mar 2003 13:00:57 -0500 (EST)
JL> From: Jon Lewis


JL> How hard would it be to have bind do some sort of secure.bind.isc.org
JL> query at start-up or perhaps even periodically and have it log lots of
JL> warnings or refuse to run if the query comes back and tells it the local
JL> version has been deferred due to security updates?  One obvious problem

Not hard.  Again, I'm in favor of refusing to run... I've
encountered waaay too many "I click <OK> and it works" people.


JL> with this would be that certain vendors prefer to backport security fixes
JL> to older versions rather than test and release new versions...so an

If they're backporting, they can add their own checks.  If they
break the version checking, then they become the vendor with the
broken software.


JL> insecure-looking version string may actually have had fixes applied.
JL> Perhaps the query could be for a timestamp that's defined in the source
JL> with the assumption that any code older than the most recent security
JL> update must be insecure.

This would make a good second/additional/whatever check.


Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist at brics.com>
To: blacklist at brics.com
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <blacklist at brics.com>, or you are likely to
be blocked.
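
The timestamp check discussed in this thread, as an added example that is not part of the original message and not ISC's or BIND's code: it compares a build stamp defined in the source against the date of the most recent security update, then warns or refuses to run. The record format, `BUILD_STAMP`, and all function names are assumptions; the lookup itself is left out and a constructed answer string stands in for it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stamp a build would define in the source (constructed). */
#define BUILD_STAMP 20030115L

enum verdict { RUN_OK, RUN_WARN, RUN_REFUSE };

/* Parse an advisory answer of the assumed form
 * "last-security-update=YYYYMMDD"; returns -1 if missing or malformed. */
static long parse_advisory(const char *txt)
{
    static const char key[] = "last-security-update=";
    char *end;
    long v;

    if (txt == NULL || strncmp(txt, key, sizeof key - 1) != 0)
        return -1;
    txt += sizeof key - 1;
    if (strlen(txt) != 8)
        return -1;
    v = strtol(txt, &end, 10);
    if (*end != '\0' || v < 19700101L)
        return -1;
    return v;
}

/* Decide what to do at start-up. strict=1 is the "refuse to run" policy,
 * strict=0 the "log lots of warnings" policy. An absent or unparsable
 * answer only warns, so a failed lookup cannot keep the server down. */
enum verdict startup_check(long build_stamp, const char *txt, int strict)
{
    long last_fix = parse_advisory(txt);

    if (last_fix < 0) return RUN_WARN;          /* no usable answer */
    if (build_stamp >= last_fix) return RUN_OK; /* built after latest fix */
    return strict ? RUN_REFUSE : RUN_WARN;      /* code older than the fix */
}

int main(void)
{
    /* Constructed answer standing in for the query result. */
    enum verdict v = startup_check(BUILD_STAMP, "last-security-update=20030304", 1);

    if (v != RUN_OK)
        fprintf(stderr, "%s: build stamp %ld\n",
                v == RUN_REFUSE ? "refusing to start" : "warning", BUILD_STAMP);
    return v == RUN_REFUSE ? EXIT_FAILURE : EXIT_SUCCESS;
}
```

Because the comparison uses a date rather than a version string, a vendor that backports fixes only has to bump the stamp in its own build.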



