to something called DNS poison [google.com]. Why? Because system administrators are anal and fail to realize that software like BIND is not written to be secure. Hell, DNS was not even designed for such a large internet. The original DNS implementors were bad programmers and designers.
BIND9... don't get your hopes up. The BIND company sells patches for their software. Meaning that if you don't pay them money then you're going to be running an erroneous DNS server.
Still most people use BIND for two reasons: no one wants
The $500 security guarantee is utterly irrelevant. (Btw: Who gets to judge what is a security problem? That's right, DJB himself. If that doesn't tell you something, then you're not the sharpest tool in the shed).
The $500 corresponds to less than 50 hours at $10 an hour (being extremely generous with the hourly wages here, in favour of the "guarantee"). Do you think anyone can audit the djbdns source code -- even ignoring the fact that it's largely uncommented and messy (#define, what's that?) -- in 50 hou
The $500 security guarantee is utterly irrelevant.
I not only have seen script kiddies trading private exploits for sums at least an order of magnitude greater than that, but they were selling it to multiple buyers. I am talking about script kiddies, not professionals, mind you. Even $100,000 would be laughable. $1,000,000 might start looking interesting for people not willing to make any serious usage (industrial espionage, etc.) of their exploits. But $500? Please don't mind if I die laughing. See
by Anonymous Coward writes:
on Monday August 02, 2004 @04:50PM (#9864696)
$100,000 is probably more money than djb makes in a year. If he offered to sacrifice a year's salary to someone who found a security flaw in software he wrote in his spare time and gives away for free, I would hardly call that laughable. Note also that Schneier's essay is pretty much irrelevant to this situation.
$100,000 is probably more money than djb makes in a year. If he offered to sacrifice a year's salary to someone who found a security flaw in software he wrote in his spare time and gives away for free, I would hardly call that laughable.
Daniel Bernstein's salary is completely irrelevant. $500 is not any less miserable (or laughable, for that matter) if it is given by someone who is poor.
Note also that Schneier's essay is pretty much irrelevant to this situation.
It is hardly irrelevant in m
90% of the internet is vulnerable ... (Score:4, Interesting)
Re:90% of the internet is vulnerable ... (Score:3, Interesting)
Re:90% of the internet is vulnerable ... (Score:0, Troll)
BIND is open source, but that doesn't make it safe and secure. It's probably more insecure just because of that.
Irrelevant^2 (Score:5, Insightful)
Not only irrelevant - it's utterly laughable (Score:2)
Re:Not only irrelevant - it's utterly laughable (Score:0)
That is completely irrelevant (Score:2)