by sh1mmer 5702 days ago
Even if Github's implementation was misconfigured at first, the right thing would be to inform them, wait for the fix and _then_ blog about how to do it successfully.

Posting zero-day exploits is not big or clever. Github's public transition to SSL should have encouraged people to not use Firesheep to try and snoop on their users' traffic. While a false sense of security doesn't help anyone, this kind of blogging remains more actively destructive than helpful.

1 comments

I don't know the Firesheep guys personally to determine their motivation behind not informing us prior to releasing the extension, but I'm very surprised Netcraft acted this way.

People seem to be jumping on this issue with zero regard for what I think is just common courtesy to site owners.