
Comment Re:A few notes... (Score 1) 530

Mike Perry did a great public service by making this tool and making it available.

WTF? No he didn't. Pointing out the vulnerability is a public service, yes. Giving a talk where he outlines the problem? Also a public service. Distributing the means for anyone to make use of this vulnerability (ESPECIALLY when so many major vendors aren't prepared for it yet) is not a public service anymore. It's just arming script kiddies. Ralph Nader was able to do plenty of good without going around ramming into Chevy Corvairs to somehow "drive home" the need for a fix.

Security through obscurity is not security.

Full disclosure is a good thing. Unfortunately, the commercial focus of the Internet allows people to forget.

Not fully disclosing the nature of the vulnerability only minimizes one's ability to completely assess the circumstance.

Using irrelevant and inapplicable metaphors does not further your point.

Although RFP's policy [1] does not particularly address vulnerability assessment methodology, it is what I often like to reference when this comes up.

[1] http://www.wiretrip.net/rfp/policy.html
