In the wake of the recent DNS cache poisoning and subsequent patch, one researcher spilled the beans before the end of the 29 day quiet period designed to give the WORLD full of vulnerable servers a chance to patch all their DNS software before releasing details.
Unfortunately, Halvar Flake feels he knows better than the rest of us:
Halvar Flake, talented in the ways of reverse-engineering and not, it seems, part of any confidentiality agreement, speculated on the details of the attack in his blog. Flake disagrees on the utility of the 29 day blackout period; he argues that people are better off with more information in this case.
I'm not sure what planet Mr. Flake lives on but which people are better off with more information, the hackers?
Sometimes exercising a little common sense is better than grabbing a headline just to show how smart you are.
I'm sure everyone would love to know the details but perhaps it's best shared after all the DNS servers are updated and people's livelihoods are no longer at risk.
[edited by: incrediBILL at 8:42 pm (utc) on July 28, 2008]