
Comment Re:Read the Followups (Score 1) 321

Someone mod this insightful? Come on, it's "obvious" that everyone in the UK Border Agency was all sat around reading Slashdot this morning, http://yro.slashdot.org/story/13/08/18/1641241/wikileaks-releases-a-massive-insurance-file-that-no-one-can-open, and then spotted this guy's name pop up on some list, put two and two together and ended up with a prime. ;^)

Comment Best available advice? (Score 1) 148

I imagine this has crossed (or should have crossed) the minds of a few people here: is there any "credible" advice about the theoretical process and the best/least-worst practical actions to take if you're approached by your friendly local domestic intelligence agency and told to pony up your company's private keys (for example), along with explicit instructions not to inform anyone else, ever? For the record, I'd like to declare that I've never been in that or any similar position.

Comment Re:Where's the story? (Score 1) 318

He's not reporting a bug, he's reporting a security vulnerability, which may indeed be a subset of "bug", but it's a very special subset of bug, the sort where even senior management are obliged to get their finger out of their arse and "Do the Right Thing". Especially given eBay are an American company, as I seem to remember yanks being big on this thing called "fiduciary duty to shareholders", which will most certainly not be served, even in the short term, let alone the medium or long term, by sticking two fingers up at this kid.

Comment Re:... are probably none (Score 1) 148

...they may have made some implementation faults that will allow an attacker to falsely keep their checks happy while still modifying boot files.

Well, that too.

The key is probably only useful for signing firmware, probably only for this vendor and possibly only for this chipset, maybe even a single main board.

TFA implies it was for "Ivy Bridge", so yeah, probably tied to the chipset, maybe multiple boards, but the point is they've demonstrated something arguably close to gross incompetence: misplacing source code is careless, misplacing the signing key is a different league. This is a commercial product; how hard would it be to have the key in two parts, held by two individuals on the dev/release team?

This system is built purely on trust and it's gone. I mean, yeah, "I'm sure they'll be more careful next time", but sarcasm aside there's no real way for them to demonstrate that.

The truly paranoid might even point out that if someone with the means found the FTP server first, they could already have trojaned AMI's build servers (running AMI BIOSes, no doubt) with a rootkit-tainted BIOS that produced new tainted BIOSes during compilation, and lo, all AMI BIOSes forever after are hence tainted in a never-ending FUBAR circle of doom!!!

With three entire exclamation marks and all assuming it's genuine.
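The "key in two parts, held by two individuals" idea from the post above, written out as an added example (not code from the thread, from AMI, or from any vendor's release tooling): the simplest form is an n-of-n XOR split, where every custodian's share is needed to rebuild the signing key and any proper subset of shares is uniformly random, so one leaked share on an FTP server would reveal nothing. The 32-byte key below is a constructed placeholder, not a real signing key.

```python
"""n-of-n XOR secret sharing for a signing key held by several custodians.

Added illustration, not the thread's or any vendor's code. Every share is
required to reconstruct the secret; any subset of fewer than n shares is
indistinguishable from random bytes, so a single custodian (or a single
leaked share) learns nothing about the key.
"""
import secrets
from typing import List, Sequence


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("xor_bytes: operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_secret(secret: bytes, n: int) -> List[bytes]:
    """Split `secret` into `n` shares such that XOR of all n shares == secret.

    The first n-1 shares are fresh CSPRNG output; the last share is chosen so
    the XOR of all shares equals the secret. Each share is the same length as
    the secret.
    """
    if n < 2:
        raise ValueError("split_secret: need at least two custodians")
    if not secret:
        raise ValueError("split_secret: secret must be non-empty")
    shares = [secrets.token_bytes(len(secret)) for _ in range(n - 1)]
    last = secret
    for share in shares:
        last = xor_bytes(last, share)
    shares.append(last)
    return shares


def combine_shares(shares: Sequence[bytes]) -> bytes:
    """Reconstruct the secret from ALL shares.

    With fewer than all shares present, the result is uniformly random and
    bears no relation to the original secret; this function cannot detect
    that, so custody procedures must enforce that all custodians take part.
    """
    if len(shares) < 2:
        raise ValueError("combine_shares: need at least two shares")
    result = shares[0]
    for share in shares[1:]:
        result = xor_bytes(result, share)
    return result


def round_trip(secret: bytes, n: int) -> bool:
    """Split, then recombine, and report whether the original secret returns."""
    shares = split_secret(secret, n)
    return combine_shares(shares) == secret


if __name__ == "__main__":
    # Constructed placeholder key; a real signing key would be generated by the
    # signing tool and split immediately, never stored whole on a build host.
    PLACEHOLDER_KEY = bytes(range(32))
    two_shares = split_secret(PLACEHOLDER_KEY, 2)
    print("custodian A share:", two_shares[0].hex())
    print("custodian B share:", two_shares[1].hex())
    print("both shares recombine correctly:", round_trip(PLACEHOLDER_KEY, 2))
    print("three-custodian split also works:", round_trip(PLACEHOLDER_KEY, 3))
```

XOR sharing is all-or-nothing: losing one custodian's share loses the key, so in practice a threshold scheme (k-of-n, e.g. Shamir's secret sharing) or an HSM that never exports the private key is the usual choice. The defensive point the post makes still holds either way: the build server should only ever see a signing request, not the key itself.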
