[wkd]

"Despite reporting the problem to the author on Friday, and following up the report via Twitter this has not yet been fixed, but after four days I assume I'm not alone in spotting this."

Giving someone a weekend to fix something doesn't exactly sound like responsible disclosure. I understand if you get excited because you found a flaw but if you find something like this please be more responsible with publishing your findings.

[kuschku]

Well, I found the same by pure chance before reading this article, and I suspect many more in the HN crowd did.

If already half a dozen people on HN report they’ve found it and emailed the person about it, it’s likely it’s too late for responsible disclosure.

[4ndr3vv]

Agreed! Better get that karma before someone else does /snark

[kuschku]

The issue is more that if so many people have already found it, who else has?

[23andwalnut]

Disclosing it publicly before it's been fixed only increases the number.