This weeks nomination for SecurityIdiot (TM) goes to Thomas Ptacek.
In fact, we think he nominated himself.
Summary:
- Dan finds big DNS bug
- co-ordinates with Vixie, CERT et al - fixes get prepared
- Dan announces to world + dog: "patch now, I'll disclose in 4 weeks at BlackHat"
- Doubting Thomas proclaims the bug can't be all that serious
- Dan confides in Thomas, who does an about turn and announces 'Its the real deal'
- Mucho guessing on DailyDave mailing list
- Halvar - who really should have been studying for his exams - chimes in with his theory
- Thomas tells Halvar - via the Matasano blog - 'By jove, you've gone and guessed what that Kaminsky fella told me down the pub about his DNS sploit'.
- Story catches fire, exploits are written
- Thomas goes 'Duh' and publishes below apology...
Earlier today, a security researcher posted their hypothesis regarding Dan Kaminsky’s DNS finding. Shortly afterwards, when the story began getting traction, a post appeared on our blog about that hypothesis. It was posted in error. We regret that it ran. We removed it from the blog as soon as we saw it. Unfortunately, it takes only seconds for Internet publications to spread.
We dropped the ball here....
Continues at the Matasano Chargen Blog
Posts
0 comments:
Post a Comment