On Sat, Oct 09, 2004 at 05:15:47PM -0400, doc wrote: : : The new 20 Most Critical Internet Security Vulnerabilities updated : list just came out: http://www.sans.org/top20/ : : I was shocked to read the following on another list: : ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ : "Big suprise that BIND is at the top of the UNIX list :P : They even mentioned it by name unlike the horrible sendmail which : they just lumped in with the other buggy mail programs. This proves : once again that absolutely ANY DNS server is better than BIND. Even : Microsoft's." : ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Which list? : Are Sendmail and BIND as bad as he implies or do I take this : as the grumblings of an uninformed person? : : Or is it just a matter of vulnerability only if one does not : take proper care in the configuration phase? Sounds like grumblings from a troll with a personal grudge against BIND. http://www.sans.org/top20/#u1 Although the BIND development team has historically been quick to respond to and/or repair vulnerabilities, an excessive number of outdated, mis-configured and/or vulnerable servers still remain in production. : I find it hard to believe that anything MS produces may be : secured to a superior level of a UNix/Linux app. Q: How do you secure a Windoze machine? A: Turn it off.