Go read:
http://beezari.livejournal.com/141796.html
http://blog.invisibledenizen.org/2008/07/kaminskys-dns-issue-accidentally-leaked.html
http://addxorrol.blogspot.com/2008/07/on-dans-request-for-no-speculation.html [<-READ THIS ONE IF NO OTHER]
http://suaranews.com/computer/dns-flaw-leaves-major-internet-security-hole.html
The whole “please don’t speculate” thing was ludicrous to start with; the world does not work like that. I am rather more amused at the Matasano Chargen group’s contribution, but what the hell, it proves that they are human, too. Update: Halvar’s posting contains an introduction which is the clearest and best response to the stupidity of “selective-full-disclosure” that I have ever read. I endorse it heartily.
Note also:
http://seclists.org/isn/2008/Jul/0052.html
Computer security professionals have ganged up on Dan Kaminsky for violating a cardinal rule of hackerdom: publicising a flaw without providing the technical details to verify the finding.
In Dan’s defence, it’s either that, or the mass media would hang him “for giving guns to children” – or they would have in the 1990s, at any rate.
I don’t think they care so much, nowadays.
I know that I don’t…