Full Disclosure mailing list archives

Re: Nominate Dan Kaminsky for Most Overhyped Bug Pwnie Award


From: mcwidget <mcwidget () gmail com>
Date: Wed, 23 Jul 2008 13:39:39 +0100


Hi Sandy Vagina,

Looks like they did a U-turn after realising how overhyped the bug
actually is.

n3td3v


So the Cat's out of the bag and the bug's public.

http://blog.wired.com/27bstroke6/2008/07/kaminsky-on-how.html
http://blog.invisibledenizen.org/2008/07/kaminskys-dns-issue-accidentally-leaked.html

Still think this deserves a nomination?

Hype.  Excessive, exaggerated publicity, to give more attention than it
deserves.
http://www.google.co.uk/search?q=define%3Ahype

Given how easy it appears to be to redirect a client to a malicious web
server, is this publicity excessive?  It's clearly had the most publicity
but I don't think it's that clean cut.

This is an awkward one as Mom and Pop web surfers sitting at home are the
ones that are vulnerable here if they're redirected and phished, yet they
cannot patch this and easily protect themselves through their normal methods
such as Windows Update or IE7's phishing filter (correct me if I'm wrong
here but I think this will report the site as OK) - they're relying on other
people patching this.  In their shoes, I'd be screaming for publicity for
this to make sure other people are patching to keep me protected.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
