Security Portal: ISC: Charging for Security?Feb 04, 2001, 15:06 (3 Talkback[s])
(Other stories by Kurt Seifried)
"ISC's Bind has become the de facto standard for running name servers, from the heavily used root server all the way to single-user Unix workstations. This has resulted in a monoculture: outside of some Microsoft-based networks, virtually all name servers run Bind."
"The security problems in Bind are numerous, with root hacks and denial of service attacks being found over the years. The ISC Bind security page lists twelve "official" security holes in various versions of Bind. If you visit any hacker Website, chances are you can find dozens of prepackaged "exploits" that will allow you to break into various versions of Bind running on different Unix platforms. Currently, of the SANS top ten security problems, Bind is number one."
"ISC is now considering charging for access to security-related information regarding Bind."