-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Good Evening All, I thought it would be good to let you know that CCIP is aware of this vulnerability and has been working on it behind the scenes with the international community since May. In early July CCIP met with NZ Registry Services to discuss this issue and determine who the most appropriate audience for this information would be. Because of the sensitivity of this it was determined that the NZNOG mailing list would not be appropriate as it is an open forum with over 800 registered participants. It was agreed that the best method would be to send this out to the ISPANZ members. CCIP also issued an embargoed release to some of the larger ISP's prior to the public release. CCIP regularly work very closely with the international CERT community to coordinate on the dissemination of information such as this and we have been working a lot over the last few weeks to coordinate on this particular release. CCIP had the release prepared to send out the morning that it was made public. This was a report that had been prepared in conjunction with the international CERT community. While it may appear that CCIP or other CERTs reporting is just simply re-badged products from another country it has often has been worked on collaboratively prior to the release. This is to ensure that clear and consistent messages are being issued by all countries. CCIP is hosting an international meeting here later in the year where a key item on the agenda is this specific event. There will be a review of this collaborative effort and where it worked well and where there is room for improvement. CCIP has identified that in New Zealand there is a need for a stronger relationship between CCIP and the NZ ISP community and developing those relationships is going to be an ongoing process. If you have any details of vulnerable DNS servers in New Zealand please do not hesitate to send these through to incidents(a)ccip.govt.nz. There have been some already sent through today from members of this list and those have been or are being addressed by the relevant ISP's and thank you for sending those through. If you would like to introduce yourself to CCIP and/or to arrange a time to come in to meet with CCIP please feel free to contact CCIP at (info(a)ccip.govt.nz). Regards, Paul. - -- Paul McKitrick Business Manager Centre for Critical Infrastructure Protection P: (+64) 4 498 7654 F: (+64) 4 498 7655 E: paul.mckitrick(a)ccip.govt.nz W: www.ccip.govt.nz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEVAwUBSIlzyDpQQM+EFUs7AQKLqwgAyfn/HPnxWW3MQvyt6nPHQJwkTIk8slpK 0SoclMnIoyX7HxJhjFF8z369Bfece1xg/3kUE4D2d693lVv1Aih6LUIf/BrprppF iJJmZCXbf3n3y2ZSLembf+vDj/Ff1/JYFECDKLsJNjDESTd2i2X6EgeZGMXeR41p cwKVUoyrmWbdmBcsxHkwAjy8KBwBBIBzBiwkW7tKd9Ed5RhoIlVrkmWgrJrdvMDf aF28UUUP2aYRisHrZJnTwkw1Z3ghFp12emNj2EMJons0ZLPKLhV1vt573eeyqFYH deQ6BbYNqpzvNrqVewSE07kBY2t8SDf3wFs8sI+VoPinAV8HGyvUvg== =NmEG -----END PGP SIGNATURE----- --- This e-mail contains official New Zealand Government information, which is intended for the use of addressees only. If you have received this e-mail in error, please notify the sender immediately and delete. You should not further disseminate, distribute or copy this e-mail in any way. ---