July 2008
To Publish, or Not to Publish, a Major Web Vulnerability
Dan Kaminsky decided to publish. This young security expert discovered
a Web flaw that had been open to hackers for decades -- who knows how
much it was exploited, and by whom? He first notified some major Web
players discreetly, but not much was done to fix the problem. So Dan
decided on a controversial move: to publish the detailed flaw for all
to see.
The reality is that hackers can jump on this newly exposed crack and,
in the short run, victimize quite a few innocent surfers. Security
countermeasures, by contrast, are elaborate and must be carried out
independently by all concerned. So only in the long run will this
vulnerability be plugged.
But without this drastic measure, the crack will never be plugged -- so
goes the pro argument.
Was Dan Kaminsky right?