> I think a better question is, once a vulnerability has become
> widespread public knowledge, do you expect malicious actors, malware
> authors and intelligence agencies of autocratic nation-states to obey
> a gentlemens' agreement not to exploit something?

false anology, or maybe just a subject switch.  the 'attacker' was not
a nation state nor intentionally malicious.  it was a naïve researcher
meaning no harm.  in fact, i have co-authored with ítalo, and he is a
very well meaning, and usually cautious, researcher.  he just fell in
with a crew with a rep for ops cluelessness that needed to demonstrate
it once again.

to nick's point.  as nick knows, i am a naggumite; one of my few
disagreements with dr postel.  but there is a difference between
writing protocol specs/code, and with sending packets on the global
internet.  rigor in the former, prudence in the latter.

while it is tragicaly true that someone will be willing to load mrs
schächter on the cattle car, it damned well ain't gonna be me.


Reply via email to