by Tarski 5644 days ago
Well I think you hit the nail on the head, that the disclosure isn't responsible. I'm all for bringing the flaws in chip-and-pin to the public attention, however I find it distasteful that a leading university publishing the schematics of a device that can be used to commit fraud, receives so much applause for this community.

I get the impression that this has captured the public mood of "sticking it to the bankers", when really Cambridge have gone about this one the wrong way.

2 comments

My reading of the whole incident is that the exploit was disclosed (responsibly) to the banks 1 year ago and the banks have done nothing to fix the problem. Since then the professor (along with others) published a paper detailing the exploit. Finally the MPhil student cited the previously published paper in his thesis (it would be a crappy thesis to not reference current similar work).

At no point do I get the indication that the MPhil student was acting in a way that was 'irresponsible' - I don't know how you have come to that conclusion.

"Responsible disclosure" is a term with a specific meaning in the field of security, using the term is not equivalent to agreeing with its implied meaning.

In fact, many would argue that responsible disclosure is anything but, since it has the tendency to maximize the amount of time the public is at risk.

All of this is ignoring the fact that this paper wasn't even disclosure at al...