# Why open-source DNS is 'internet's dirty little secret'



## phospher (Sep 24, 2009)

can you believe this dumb ass?

http://news.zdnet.co.uk/itmanagement/0,1000000308,39760362,00.htm


----------



## SirDice (Sep 24, 2009)

phospher said:

> can you believe this dumb ass?


Yes and there's a simple reason for his statement:



> Internet infrastructure company Nominum launched a set of cloud-based services on Tuesday. Its new hosted Domain Name System division, Skye, is offering DNS caching, an authoritative DNS service, DNS-based navigation assistance and threat-management.



His company sells a closed source solution :OO

He should know better though:


> By virtue of something being open source, it has to be open to everybody to look into. I can't keep secrets in there. But if I have a commercial-grade software product, then all of that is closed off, and so things are not visible to the hacker.


Security through obscurity does NOT guarantee security.



> I would respond to them by saying, just look at the facts over the past six months, at the number of vulnerabilities announced and the number of patches that had to be made to Bind and freeware products. And Nominum has not had a single known vulnerability in its software.


This is just plain lying. 
http://www.nominum.com/asset_upload_file741_2661.pdf


----------



## phospher (Sep 24, 2009)

yeah, I like this one:



> Nominum software was written 100 percent from the ground up, and by having software with source code that is not open for everybody to look at, it is inherently more secure.



just like Microsoft right?


----------



## SirDice (Sep 24, 2009)

Nobody, and I really mean nobody, writes 100% perfect code. Even if the code's correct there might be problems with the implementation or even the protocol itself. It's just marketing BS^H^H err spin..


----------



## Eponasoft (Sep 25, 2009)

This guy is a first-class assclown. Not only is he lying through his teeth, but he doesn't even know his own company's products AND is oblivious to the fact that any newly created product will be relentlessly attacked by "bad guys" to break it...and in the case of closed-source proprietary trash such as this, it will be broken all over the place and they will spend millions trying to sweep the mess under the carpet. Bind has been around half of forever, and if this idiot thinks that he can compete with it then he's absolutely insane. And that bit about it being inherently more secure because it's closed source is the biggest laugh I've had all day. Making it closed source does little more than give hackers the incentive to break it.

But this part is the best:


			

> I would respond to them by saying, just look at the facts over the past six months, at the number of vulnerabilities announced and the number of patches that had to be made to Bind and freeware products.


Patches are released for major software all the time. This moron is just grasping for straws. And this one was fun too:


			

> It's easy to say you've not had a single vulnerability if you're not widely deployed. But we run over half the internet. We are out in the most challenging, the most heavily trafficked networks in the world.


Then why have I never heard of you?

But wait, there's more. I think I have discovered the source of his stupidity:



			

> In the US when I was growing up, various towns and cities put fluoride in the water. It was the only way to ensure every child was going to get healthy teeth.


All that fluoride you drink goes to your brain. Fluoride is the cheap way to prevent tooth decay, but its price is brain and bone decay. It is NOT the only way to ensure every child was going to get healthy teeth...teaching their kids to brush their teeth regularly, with or without fluoride-based toothpaste, is the only way. But that's a story for another forum.


----------



## DutchDaemon (Sep 25, 2009)

And, on cue:

http://www.coverity.com/html/software-testing-news.html


----------



## dennylin93 (Sep 25, 2009)

People will find vulnerabilities sooner or later. There is no such thing as perfect code.


----------



## saxon3049 (Sep 25, 2009)

I am sure they will. Then again, are there any metrics on how many active installs of his crap are running live?


----------



## sossego (Oct 2, 2009)

If the base is from a BSD licensed product, it can be closed source. The license has to be in there somewhere. (I probably have this concept somewhat wrong. Forgive me if I do.)

If it is from a GPL licensed product, it's illegal from the ground up.

People will release information as their own to save their ass when things go bad. This seems to be the situation here.


----------



## graedus (Oct 2, 2009)

Just more closed-source FUD. And still many IT people believe that commercial backing == security.


----------



## fonz (Oct 3, 2009)

SirDice said:

> Security through obscurity does NOT guarantee security.


Nice one :e Should be put in a sig I think.

Btw: your statement also reminds me of DECT. Just because source and protocols are not disclosed, it doesn't mean that it can't be cracked by some determined Germans 

Alphons


----------

