November 30, 2014
Our local BSD fellow, Logan, invited Eddy to share a little of his experience with us. Within the Linux User Group we thought of having an informal talk on DNS, anatomy of the Internet, all while chilling with beer. Couldn’t be better as Eddy was supposed to catch a flight the next day ^^, Aww! He didn’t drink beer though.
It was a great opportunity to discuss & learn stuffs from a senior fellow. Several topics were tossed on the table and stories shared. Nitin1 asked Eddy about DNSSEC and told him issues he had while installing tools. Eddy was happy to hear a feedback and told Nitin he will send a better documentation for him to follow and enable DNSSEC on his darkxploit.us domain ^^,
I was speaking about the Cyber Security Conference and the talk on “Incident Handling” which I attended earlier. Eddy smiled and said, since you had a disappointment, let me give you something and then he explained me how incidents are handled at the Internet Systems Consortium (ISC). He described the process of sending a bug report through PGP signed emails. Depending on the seriousness of the bug, ISC security officers (spread across the globe) are called on a private communication channel and the issue is addressed. The bug reporter is made aware of the incident handling and all further communication are done with utmost secrecy. Critical bugs are patched within two hours at most (in majority of cases) and various stakeholders are gradually informed of the bug. The patch is made available and there is a public disclosure. I enjoyed the conversation, it was knowledge enriching and inspiring how these guys toil hard to keep the Internet running without breaking.
Sorry for the photo quality.