Published on Security Incite: Analysis on Information Security (http://securityincite.com)

A case of fictional disclosure

By Mike Rothman
Created 2006-10-03 17:48

So it's all a joke. HA HA, friggin' HA. What am I talking about? The Toorcon presentation by two "kids" that purported to have found a 0-day exploit that allowed remote code execution in Firefox. The PC World coverage is here [1].

This is bad. They both should be drawn and quartered. In a public square preferably. The guy that works for Six Apart should be fired. This is a nightmare for his employer. The spin-meisters will be cleaning up this turd for weeks, as opposed to doing their job.

But Six Apart seems to be coming to the guy's defense, based on this quote:

"To hear Six Apart spokesperson Jane Anderson tell it, the Toorcon presentation was a joke invented by two kids barely out of their teens who didn't understand the ramifications of their actions."

Bad move. I'm not trying to be harsh or insensitive. But these fellows need to be made examples of. If Six Apart tolerates this behavior, why wouldn't other vendors? No thank you. Take decisive action. Nip this in the bud. Send them out of the airlock.

We are having enough trouble with responsible disclosure given the behavior of vendors like Apple. So now I'm coining a new term to describe this: "fictional disclosure."

I'm a big fan of "so what?" So here's what: Every hacker presentation at good conferences like Black Hat and Defcon will now be suspect. Part of responsible disclosure is that the real exploits are NOT used and published at these conferences. But who is going to know if the attacks are real?

So now we face a two-step process. Cool stuff will be presented at Black Hat, and a couple of weeks later we'll figure out whether it's real or not. It's sad, and innocent people are going to get hurt, because vendors that are just looking for excuses to ignore holes in their software you can drive a truck through will now have another reason to do nothing.

And that these guys are young is no excuse. Kids go to jail for doing stupid things. I'm pretty sure these guys are over 18. That makes them responsible for their actions. And take responsibility they should. Be contrite. Show remorse. And get ready for your new careers as freelancers.

Source URL:
http://securityincite.com/blog/mike-rothman/a-case-of-fictional-disclosure