Hacker News new | ask | show | jobs
by marshray 4905 days ago
According to tptacek, "it was discovered by multiple teams independently" and "Lots of people have working proof-of-concept exploits for this".

I think your week started Jan 02 with CVE-2012-5664.
1 comments
steveklabnik 4905 days ago
But it was not knowledge to the general public until today. That's what matters. Those people have POCs, but they're not spreading them.
link
marshray 4905 days ago
One should never assume that he has a handle on everyone who knows the existence of a bug.

I think you underestimate your adversary. https://twitter.com/mikko/status/288766998228393984

link
steveklabnik 4904 days ago
You completely mis-understand my point. I don't think that this is the only person who knows this, that'd be idiotic. They are, however, the only person who posted it in this thread. Giving it more publicity. I don't think that that extra publicity is appropriate.
link
marshray 4904 days ago
Even now you still think it's useful to hide information from the "general public" and avoid "extra publicity"?!

The cat is out of the bag. You can no longer negotiate with this reality.

Publicly disclosing a bug is like birthing a baby. Once it's sticking halfway out, just get it all the way out because it's counterproductive to try to hold parts of it back in.

link
tptacek 4904 days ago
Gross, dude.
link
marshray 4904 days ago
Yeah, that analogy definitely seemed more elegant before I wrote it out.
link