I think the point is that the story in the *article* is anecdotal. There's no details, no names, no description. While it's certainly necessary to discuss security problems in a scientific manner, the article above doesn't, and smells of a hidden agenda. That's why it's important to disclose full details of an attack (to show its repeatability) if you're going to discuss it publicly at all: otherwise it's very easy to discount your disclosure as FUD, anti-marketing, or attention-seeking. This article does none of that. For all we know, the "Security Researcher" in question works for SCO, or is an 18-year-old with a badge that reads "Security Researcher", or left his laptop on a table while he/she went ot get coffee. Publish the details and then we can all judge independently whether the computer was hardened or not.

And a tip: using the phrase "It's time you asked mummy to get you a new box of crayons" does nothing to further the belief that you should be included amongst "us grown-ups here".

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/11375/33089#33089