> > Hi Sandy Vagina, > > Looks like they did a U-turn after realising how over hyped the bug > actually is. > > n3td3v >
So the Cat's out of the bag and the bug's public. http://blog.wired.com/27bstroke6/2008/07/kaminsky-on-how.html http://blog.invisibledenizen.org/2008/07/kaminskys-dns-issue-accidentally-leaked.html Still think this deserves a nomination? Hype. Excessive, exaggerated publicity, to give more attention than it deserves. http://www.google.co.uk/search?q=define%3Ahype Given how easy it appears to be to redirect a client to a malicious web server, is this publicity excessive? It's clearly had the most publicity but I don't think it's that clean cut. This is an awkward one as Mom and Pop web surfers sitting at home are the ones that are vulnerable here if they're redirected and phished, yet they cannot patch this and easily protect themselves through their normal methods such as Windows Update or IE7's phishing filter (correct me if I'm wrong here but I think this will report the site as OK) - they're relying on other people patching this. In their shoes, I'd be screaming for publicity for this to make sure other people are patching to keep me protected.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
