monline

For the last few days IT news is all about the discovery of two programmers (Robert E. Lee and Jack C. Louis): a new kind of DoS attack against all sorts of TCP stacks. Some say that the threat might not be that huge after all since probably the attacker has to have a real and public IP address which gets revealed during the attack. Hmm. Did these people hear about virii, worms, botnets, etc.? I doubt that the revealing of the attacker's IP would mean any concern to guys who are fixed on destroying things (services, value, companies, etc.). You could just go to a cafe (that has a free WiFi hotspot) and you've got your valid IP without any chance of being traced back to you. So I bet that (if the rumors turn out to be true) the flaw will be a serious issue.

Btw. this kind of a security flaw might be worth a lot of bugs (or lives ) to some people. Imho the employer of those guys should hire bodyguards for them, since the company profits the most from this hype. They should feel obliged to protect their valuable employees.

P.S.: if I were ever to discover something of this magnitude (which will most probably never happen ), I'd think twice about announcing it under my own name. Probably I'd submit the info anonymously or hand it over to a university to spread the word.