03-20-2009, 02:17 PM
IronMac wrote:
Wasn't he already sitting on that exploit for a year?
As for the comment about user education...that's laughable. Good luck consoling yourself with that sort of pablum.
Yeah, he was. He knew about the vulnerability at last year's contest but didn't have an exploit ready at the time. And because no one else discovered it, it went un-reported for a year. Not sure how to take that, but if a bear craps in the woods and no one is around to smell it, is it a "problem?"
As for user education, I do my part, but I know it's a lot easier to sit back and say it can't be done, which of course helps create its own truth.