Another PIII ID Exploit Found

Peter Hernberg writes "We, it looks like someone has found another exploit to get your PIII ID. The new story is here.. " Cyrix and AMD are looking shinier each day.

Stating the obvious

[DonkPunch]

It is disturbing how some companies react to people who find flaws in their product.

Remember the Internet Exploder control? It was an ActiveX component which, when loaded with a web page, would count down ten seconds and shut down a Windows computer. The creator did it for the sole purpose of demonstrating potential security dangers with ActiveX.

Microsoft and Verisign threatened the guy with court action for obtaining a Verisign certificate under false pretenses. Never mind that part of his demonstration was just how easy it is to obtain such a certificate.

Now Intel has declared Zero-Knowledge's little demo to be a virus or trojan. Apparently, the goal is to discredit them. The worst part is that I think just about everyone saw it coming before they even got to "Intel's response" part of the article.

Here's the obvious part of my comment -- this tactic is pretty foreign to the Free Software community. It seems that most security problems with Free operating systems are received with, "thank you," and then they are FIXED. If you actually write a program which demonstrates the problem, you're a hero. No one attacks your credibility or motives. In fact, you are likely to GAIN credibility.

Of course, by posting this here I'm pretty much preaching to the choir. :)