The worst thing about the exploit -- Have you done your part?

Stephane Bortzmeyer bortzmeyer at nic.fr
Sat Jul 26 16:46:36 UTC 2008


On Sat, Jul 26, 2008 at 09:28:25AM -0400,
 Alan Clegg <Alan_Clegg at isc.org> wrote 
 a message of 55 lines which said:

> What can we as the bind-users community do about Billy Bob?

ccTLD, being typically well-connected to their local Internet
community, can raise the alarm and push for the upgrade. Most already
did (URL on demand, from Japan, France, Canada, etc).

Local CERTs are of course also in good position to do so (in France,
the governement CERT did absolutely nothing).

These actors can gather information and use it to encourage people to
upgrade. See the excellent work by our austrians colleagues
<http://cert.at/static/cert.at-0802-DNS-patchanalysis.pdf>.

ICANN always boasts it is in charge of the "security and the
stability" of the Internet. But it did nothing, this time where the
security is really threatened.

Local mailing lists, user groups, etc, are also a good way to reach
people (a single post on the french-speaking Debian mailing list
brought me a lot of questions "Is it real?" "Should I patch now,
really now?" etc).



More information about the bind-users mailing list