---------- Forwarded message ---------- Date: Tue, 4 Apr 2000 13:52:10 -0400 (EDT) From: !Dr. Joe Baptista <[EMAIL PROTECTED]> To: Paul A Vixie <[EMAIL PROTECTED]> Cc: Mike Bilow <[EMAIL PROTECTED]>, [EMAIL PROTECTED] Subject: Re: Press Releases Paul: I've just spoken to some of my collegues and we want to make you an offer. We make this offer and challenge here to you. We will release to the ISC the bind1999 survey results is the ISC will commit itself to contacting the hostmasters who are running vulnerable BIND versions and advise them to upgrade. No other strings attached Paul. This offer was made to you last year and we make it again today. A secure internet is an internet which will benefit the community as a whole. BIND has been used on numerous occassions to break into trusted systems and as the former BIND maintener I think it's important you take the initiative to fix the very problems you are responsible for. The survey at this time has been kept from the public. I have made arrangements to release it as a public document by the end of the year. And one of my concerns is that the survey can be used to take down the internet DNS systems. It's a road map of every vulnerable point in the DNS infrastructure. If you and the ISC were to committ to fixing those security breeches - I and the internet community would be grateful. Regards Joe Baptista On Tue, 4 Apr 2000, Paul A Vixie wrote: > > Greg Shapiro has already corrected your false assertion that Paul > > maintains Sendmail, so I will not waste time on that. (Paul did, with > > Frank Avolio, write a book titled "Sendmail: Theory and Practice.") > > Fred Avolio, not Frank. > > > On Sun, 2 Apr 2000, !Dr. Joe Baptista wrote: > > > > > However - our attempt was cut short by Paul Vixie, who runs the ISC, > > > http://www.isc.org/. Paul vixie was also the BIND maintainer - in other > > > words the man responsible for the internets security holes in the dns > > > system. Paul incidentally resigned after we exposed to most of the world > > > that his program was a bit of a mess. > > I (Paul) did nothing of the sort. I'm still the maintainer of BIND8, and > still the Chairman of ISC's board of directors. As it happens, BIND has > been completely rewritten in the last couple of years and the result (BIND9) > is only a month or two away from full public release. I am not a maintainer > of BIND9, since I'm too old and too slow to do that kind of work any more. > > > > Anyway - paul did everything he could to block us, including placing us on > > > spam lists, which he controls - the RBL MAPS project. > > Baptista's server was blocked because he was sending out massive amounts > of unsolicited bulk e-mail and refused to stop even though many recipients > complained. See http://mail-abuse.org/. > > > > Incidentally - Paul Vixie also is the sendmail programmer, sendmail is > > > a program with many security holes which Paul capitalizes on. > > Baptista is lying outright. > > > > We tried to have Paul take on the responsiblity of asking the world to > > > upgrade the vulnerable BIND versions - but he was not interested. > > Baptista wanted ISC to be a cosignatory to his massive spam campaign against > all domain holders. We refused. > > > > > http://www.isc.org/ISC/news/pccf-statement.html > > This page was written because of the number of complaints about Baptista's > spamming activities which were incorrectly sent to ISC. The recipients of > Baptista's spam believed, based on the content of that spam, that the > maintainers of BIND (which means, the ISC) were responsible for the spam. >
