On Sat, 05 Aug 2006 20:16:39 GMT, neillmassello@earthlink.net (Neill
Massello) wrote in <1hjllxp.18kn8wy4t5nxsN%neillmassello@earthlink.ne t>:

>John Navas <spamfilter0@navasgroup.com> wrote:
>
>> That depends on whether or not more information is being provided to
>> affected organizations, as claimed. Thus far there hasn't been any
>> suggestion that it hasn't, so I think this criticism is, at the very
>> least. premature. ;) The recent massive Intel security patch also
>> lends credibility to the claims.
>
>Security researchers routinely inform "affected organizations" well in
>advance and delay the splashy public presentations until there's
>something available in the way of a fix. Going public before that
>usually only occurs after the exploit has already appeared in the wild
>or after vendors have been dragging their feet on the problem for a long
>time.

The latter may well have been the case here, but it's actually standard
practice to disclose the existence of a security flaw and just withhold
the details until enough time has passed for a fix (which might also
have been the case here), particularly when there are ways to minimize
or avoid the risk.

>No informed person is denying that there could be serious security holes
>in wireless device drivers. The validity of this particular claim will
>be sorted out in time. It's not so much the content of the announcement
>as its timing, that bizarre demonstration, and Ellch's and Maynor's
>extracurricular statements that have raised questions about their
>motives and credibility.

I respectfully disagree.

--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>