|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: md5 for bgp tcp sessions
On Thu, Jun 23, 2005 at 10:27:49AM -0400, Todd Underwood wrote: > > marty, > > On Thu, Jun 23, 2005 at 10:22:07AM -0400, Hannigan, Martin wrote: > > > rolling out magic code because your > > > vendor tells you to is a bad idea; > > > > That's mostly the result of the calamitous failure in vulnerability > > release methodology, not Operator stupidity. > > totally agreed. vendors c, j and several others should be *ashamed* > of the way that they handled and continue to handle this issue: they Hmm, Do you mean NISCC? I think they were driving the issue: http://www.uniras.gov.uk/niscc/docs/al-20040420-00199.html?lang=en > have yet to admit that they raised a panic (in secret, with no facts, > so that they could not be refuted) over a basic fact of the way tcp > works, creating outages and instability to fix a non-problem. > > operators in those circumstances had little choice but to roll out > "critical security fixes", but i think we all deserve an apology, an > explanation and a commitment to do better in the future. Come on folks, this was over a year ago, we've all grown some (well, at least older) and hopefully wiser in how to handle these situations as they come up. I suspect the vendors, NISCC/UNIRAS, and various global CERTs have been learning from these events, but it was awhile ago so take the lesson and move on. - Jared -- Jared Mauch | pgp key available via finger from [email protected] clue++; | http://puck.nether.net/~jared/ My statements are only mine.
|