<div dir="ltr">isn't the point of tech journalists to blog about stuff they dont understand to scare/awe clueless people and give informed people material to laugh at? If this is true Nate McFeters should be getting tech journalists awards and hall of fame.<br>
<br><div class="gmail_quote">On Fri, Jul 25, 2008 at 1:37 PM, Fredrick Diggle <span dir="ltr"><<a href="mailto:fdiggle@gmail.com">fdiggle@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Fredrick Diggle security would like to thank Dan Kaminsky for his new<br>
methodology for vulnerability disclosure. The Dan Kaminsky Method<br>
consists of the following steps.<br>
<br>
1. Think of technology or protocol that has high exposure throughout<br>
the internets<br>
2. Contact all of the vendors and tell them to patch all of the<br>
BADNESS in the standards which has been known about for 15 years.<br>
3. Contact lots of media outlets with lots of readers but no technical<br>
skill (<a href="http://blogs.zdnet.com/security/?p=1468" target="_blank">http://blogs.zdnet.com/security/?p=1468</a> <- Nate is good at<br>
being clueless) and have them write doomsday stories about the end of<br>
the internets.<br>
4. Publicly disclose an 'undisclosed' vulnerability in said<br>
technology. It is critical that you make a HUGE deal out of telling<br>
smart people that they should NOT speculate as to the nature of the<br>
vulnerability as it would threaten the entire internets. On the side<br>
tell people that you will give them partial credit if they find 'your'<br>
vulnerability before the public disclosure in a year or so.<br>
5. Wait for someone smart to find a real vulnerability and then act<br>
all pissed that they talked about it before you.<br>
6. Have a popular blogger with questionable morals 'accidentally' leak<br>
the full technical details of the vulnerability.<br>
7. ???<br>
8. PROFIT!!!!<br>
<br>
==========================================================<br>
<br>
As a supplement to this, Fredrick Diggle security would like to<br>
disclose a critical vulnerability in the Windows IPv4 network stack.<br>
This vulnerability is trivially remotely exploitable and could doom<br>
the entire internets if disclosed prior to being patched. All vendors<br>
have been notified and are working on patches. Fredrick Diggle will<br>
disclose the details of this vulnerability once he is sure that<br>
everyone is immunized (at Blackhat security conference in 2015). He<br>
would like to make it very clear that people should not speculate as<br>
to the nature of this vulnerability as public disclosure could<br>
threaten the entire infrastructure of the world (Halvar, This means<br>
you!). Anyone who independently discovers this vulnerability prior to<br>
public disclosure will be invited on stage to be recognized as having<br>
found it second.<br>
<br>
_______________________________________________<br>
Full-Disclosure - We believe in it.<br>
Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html" target="_blank">http://lists.grok.org.uk/full-disclosure-charter.html</a><br>
Hosted and sponsored by Secunia - <a href="http://secunia.com/" target="_blank">http://secunia.com/</a><br>
</blockquote></div><br></div>