
This is IMO a completely wrong approach to security. Butler has not raised the threat level, he has merely illuminated the existing threat level.

I agree. Releasing a point and click exploit is standard practice among white hat, well-intentioned hackers. Decades of this kind of tough love is why Microsoft finally has an OS that is reasonably secure.

Illumination is one thing. Enabling a ten year old to do malicious stuff with a few clicks and poorly considered actions is entirely another.

If it can be that easily scripted, 10 year olds were already doing it. Suppressing knowledge, especially knowledge of a flawed system, doesn't make the system safer.

In terms of severity, computing has overcome worse exploits; this is a problem awaiting an answer, which sounds like opportunity to me.

> Suppressing knowledge

Again, degrees matter. Abstract knowledge is one thing. A simple tool to facilitate griefing people is quite another.

Mobile web browsing existed before the iPhone. Search existed before Google. Telecommunication preceded the internet. You could share mp3s before Napster and mp4s before YouTube.

And you used to have to delve into Wireshark to pull this off, but now you can snag grandma's credentials from any Starbucks in the country with a mouse. Degrees do matter.

And without raising awareness of the issue, everybody might always be somewhat vulnerable forever, whereas now that "we know", after being highly vulnerable for a short time everybody's vulnerability to this should drop to zero very quickly.

If you assume a limited number of evildoers and a limited ability to exploit this at will (e.g. you have to catch your victim in close proximity on public wi-fi that you're sharing with him), releasing a tool like Firesheep may produce significantly less total damage.

I know 10-year-olds who do this already.
