
With Security at Risk, a Push to Patch the Web  - markbao
http://www.nytimes.com/2008/07/30/technology/30flaw.html?_r=1&partner=rssnyt&emc=rss&oref=login
======
cperciva
* sigh *

A design flaw in BIND is a bad thing; but there are certainly worse scenarios.
A remote code execution bug in BIND, for example, would allow everything this
bug allows, and more; while remote code execution bugs in Apache, IIS,
OpenSSH, OpenSSL, the BSD or Linux IP stacks, Cisco routers, Juniper routers,
etc. would all be worse. (A few years ago I would have put Sendmail on that
list, but these days there's more diversity in MTAs.)

This is bad, but it's not the end of the world. Unfortunately, "not the end of
the world" doesn't sell newspapers.

------
there
phew, good thing we only have to patch the "web" and not the rest of the
internet.

