An Information Security Place

Commentary on the State of Information Security
Filed under DNS, Security, Sheesh

OK, so the Matasano people accidentally let everyone know what the DNS flaw was.  I posted my thoughts on that at my CW blog.  But then I read Pete Lindstrom’s little post about the issue, and I just have to wonder what Pete is thinking.  Pete says this:

Here’s a thought: If you really want to keep a secret…

… I recommend against a press release, blog post, podcast, youtube video, public interviews, and comments. I know this is a bit radical, but I’m just sayin’…

Sort of like - the people who would really have to kill you if they told you something are smart enough not to tell you in the first place…

Wow.  So Mr. Lindstrom, how do you propose that Dan let people know they need to patch their DNS WITHOUT TELLING THEM?!?!?  Dan did everything he could not to let anyone but a few select "need-to-know" people know about the flaw.  He told them so they could develop patches.  Then he announced it after they developed the patches.  He did a great job with this.

What he didn’t want getting out was the details of the attack.  But I am pretty sure Dan knew that this would happen eventually.  There are too many people out there looking at this now for it not to come out.  But hey, a man can hope, right??

So seriously Pete, think about it.  Dan was trying to keep the flaw itself a secret before he announced so patches could get developed, then he announced so people would know there was a flaw and would patch, and then he was trying to keep the details secret after he announced so people had time to patch.  But he couldn’t NOT tell people and expect them to patch.

Vet

Posted by Michael Farnum on Wednesday, July 23rd, 2008