Last week, a security researcher published a "zero-day vulnerability" regarding a specific CCTV control server (although you can hardly call something that can be accessed through Google "zero day"). Expected fire from the CCTV vendor did not fail to arrive shortly after the disclosure.
This is no longer an isloated incident but rather a growing trend in this past year. I am seeing more and more "full disclosures" prior to vendor patching. Believing that this is indeed becoming a trend, I had to give it a second thought. The only thing I came up with is that this is a strong counter-reaction to practices that have been established in recent years.
Continue reading On Irresponsible Disclosure and Cosmic Black Holes.
