Please nominate Mr.DNS aka Dan Kaminsky for Most Overhyped Bug on the Pwnie Awards 2008.
I have heard about the vulnerability and have concluded its just clever marketing PR work to keep the profits rolling in for the Blackhat conference. Infact, the vulnerability is old, and has been around for a long time... I suspect the exploit will be appearing on Full-Disclosure in the next few days to steal Dan Kaminsky's thunder. He told researchers who work out the "lame" bug to tell him in private, and that he would full credit you in advisories and invite you to come up on stage with him. People should ignore this and post the exploit to Full-Disclosure before Blackhat conference to fuck up the Blackhat profits and show everyone how lame the exploit actually is. http://pwnie-awards.org/2008/awards.html#overhypedbug All the best, n3td3v _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/