-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Open source DNS server takes on BIND
,----[ Quote ]
| Four companies led by Dutch non-profit NLnet Labs have launched an open
| source, Linux-compatible DNS (Domain Name System) server. "Unbound," which is
| also sponsored by VeriSign, Nominet, and Kirei, claims to offer a validating,
| recursive, and caching DNS server that is faster than the open source DNS
| mainstay BIND.
`----
http://www.linuxdevices.com/news/NS7841486098.html
VeriSign Takes Aim at Open Source DNS
,----[ Quote ]
| Now VeriSign, the company that runs that .com and .net domains, is aiming to
| provide an open source alternative to BIND, called Unbound.
`----
http://www.enterprisenetworkingplanet.com/news/article.php/3748251
Another new one:
Active Broadband Networks Releases Open Source IPDR/SP Collector and IPDR
Re-Exporter
,----[ Quote ]
| Active Broadband Networks, a pioneering developer of Subscriber Service
| Management Systems based upon the emerging IPDR standards, announces the
| availability of the first Open Source IPDR/SP collector and IPDR Re-exporter
| for the Active Resource Manager.
`----
http://www.webwire.com/ViewPressRel.asp?aId=65916
Recent:
SUBJECT: Microsoft SWI blog inaccuracies
,----[ Quote ]
| As you know, 3 weeks ago I published my paper, "Microsoft
| Windows DNS Stub Resolver Cache Poisoning"
| (http://www.trusteer.com/docs/Microsoft_Windows_resolver_DNS_cache_poiso
| ning.pdf),
|
| simultaneously with Microsoft's release of MS08-020
| (http://www.microsoft.com/technet/security/Bulletin/MS08-020.mspx).
| A day later, Microsoft's Secure Windows
| Initiative (SWI) team published their blog entry for MS08-
| 020
| (http://blogs.technet.com/swi/archive/2008/04/09/ms08-020-how-predictabl
| e-is-the-dns-transaction-id.aspx).
|
| Unfortunately, the SWI blog entry contains two serious
| mistakes. The first mistake is an inaccurate description of
| the PRNG used for the Microsoft Windows DNS client
| transaction ID. The second mistake is SWI's claim that
| "attackers cannot predict a guaranteed, known-next TXID
| exactly even with this weakness".
|
| I contacted Microsoft about those mistakes, and while
| Microsoft did not refute my statements, they also refused
| to revise the blog entry. On one hand, I am inclined to tag
| this as a simple unwillingness on the side of the vendor to
| revise its materials and admit its mistakes. On the other
| hand, I cannot ignore the fact that the two mistakes, when
| combined, result in misleading the blog reader about the
| nature and the severity of the problem.
|
| [...]
|
| This is in stark contrast to SWI's claims. Furthermore,
| Microsoft did have the full paper (actually, a draft of it
| which contains all the relevant technical information) well
| before the SWI blog was published. So the problem here is
| not an issue of SWI not having access to the paper when
| they wrote their blog entry.
`----
http://www.securityfocus.com/archive/1/491392
Utah Pilots Open Source Infectious Disease Management System
,----[ Quote ]
| Collaborative Software Initiative (CSI) today announced the release of the
| first open source, Web-based infectious disease reporting and management
| system.
`----
http://www.govtech.com/gt/323349?topic=117674
Related:
Microsoft preps 133 patches for Windows DNS hole
,----[ Quote ]
| Microsoft is working on 133 separate updates for the problem, Budd wrote.
`----
http://news.com.com/8301-10784_3-9710490-7.html
Microsoft DNS Server Attacks Continue
,----[ Quote ]
| The concept enables malicious users to run code remotely under the
| system privileges generally granted to the DNS service itself.
`----
http://www.betanews.com/article/Microsoft_DNS_Server_Attacks_Continue/1176828918
Microsoft: Patch for critical DNS flaw may be ready by 8 May
,----[ Quote ]
| The cmopany has been under pressure to address the flaw, reported
| last week, since software that exploits it has now been widely
| disseminated, and criminals are beginning to use it in attacks.
`----
http://www.computerworlduk.com/technology/servers-data-centre/infrastructure-management/news/index.cfm?newsid=2650
http://tinyurl.com/27wje2
Attack code raises Windows DNS zero-day risk
,----[ Quote ]
| At least four exploits for the vulnerability in the Windows domain
| name system, or DNS, service were published on the Internet over the
| weekend, Symantec said in an alert Monday.
`----
http://news.zdnet.com/2100-1009_22-6176429.html
Cybercrooks exploiting new Windows DNS flaw
,----[ Quote ]
| Cybercrooks are using a yet-to-be-patched security flaw in certain
| Windows versions to attack computers running the operating systems,
| Microsoft warned late Thursday.
`----
http://news.zdnet.com/2100-1009_22-6175743.html
Microsoft's advisories giving clues to hackers
,----[ Quote ]
| How's this for a new twist on the old responsible disclosure debate:
| Hackers are taking advantage of information released in Microsoft's
| pre-patch security advisories to create exploits for zero-day
| vulnerabilities.
`----
http://blogs.zdnet.com/security/?p=167
DNS security improves as firms tool up to tackle spam
,----[ Quote ]
| Infoblox's survey found that the number of internet-facing DNS servers
| increased from 9m in 2006 to 11.5m in 2007, indicative of the overall growth
| of the internet. Percentage usage of the most recent and secure version of
| open-source domain name server software - BIND 9 - increased from 61 per cent
| to 65 per cent over the last year. Use of BIND 8, by contrast, dropped from
| 14 per cent in 2006 to 5.6 per cent this year. Usage of the Microsoft DNS
| Server on web-facing systems also fell, decreasing to to 2.7 per cent in 2007
| from five per cent last year.
`----
http://www.theregister.co.uk/2007/11/20/dns_security_survey/
Use of rogue DNS servers on rise
,----[ Quote ]
| The paper estimates roughly 68,000 servers on the Internet are returning
| malicious Domain Name System results, which means people with compromised
| computers are sometimes being directed to the wrong Web sites — and often
| have no idea.
`----
http://news.yahoo.com/s/ap/20080213/ap_on_hi_te/techbit_servers_that_lie
UK government launches open source CO2 calculatorUK government launches open
source CO2 calculator
,----[ Quote ]
| Back in March the UK’s Conservative Party vowed to encourage the adoption
| of open source adoption if elected at the next General Election.*
|
| Today the Labour Party did its bit by releasing the code behind its new
| carbon footprint calculator under the general public license.
`----
http://www.businessreviewonline.com/os/archives/2007/06/uk_government_l.html
Petition the UK Government to protect GPL software
,----[ Quote ]
| Since software patents may threaten this fundamentally important freedom, we
| propose that software published under the GNU General Public Licence (version
| 3 and above) be given immunity from prosecution from patent infringement
| under the Copyright Designs and Patents Act.
`----
http://www.libervis.com/article/petition_the_uk_government_to_protect_gpl_software
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFIM9kaU4xAY3RXLo4RAgMiAJ9LL9nO6kuT5Z8AU6kEyTwdh6ssQQCfbe8j
gvRQ1GDD2MtaPPQ8YW0d0a0=
=ue/1
-----END PGP SIGNATURE-----
|
|
